SUSE update for the Linux Kernel



Updated: 2025-03-03
Risk: High
Patch available: YES
Number of vulnerabilities: 241
CVE-ID: CVE-2023-52778
CVE-2023-52920
CVE-2023-52921
CVE-2023-52922
CVE-2024-26596
CVE-2024-26703
CVE-2024-26741
CVE-2024-26782
CVE-2024-26864
CVE-2024-26953
CVE-2024-27017
CVE-2024-27407
CVE-2024-35888
CVE-2024-36000
CVE-2024-36031
CVE-2024-36484
CVE-2024-36883
CVE-2024-36886
CVE-2024-36905
CVE-2024-36920
CVE-2024-36927
CVE-2024-36954
CVE-2024-36968
CVE-2024-38589
CVE-2024-40914
CVE-2024-41023
CVE-2024-42102
CVE-2024-44995
CVE-2024-46680
CVE-2024-46681
CVE-2024-46765
CVE-2024-46788
CVE-2024-46800
CVE-2024-46828
CVE-2024-46845
CVE-2024-47666
CVE-2024-47679
CVE-2024-47701
CVE-2024-47703
CVE-2024-49852
CVE-2024-49866
CVE-2024-49868
CVE-2024-49881
CVE-2024-49883
CVE-2024-49884
CVE-2024-49894
CVE-2024-49895
CVE-2024-49897
CVE-2024-49899
CVE-2024-49901
CVE-2024-49905
CVE-2024-49908
CVE-2024-49909
CVE-2024-49911
CVE-2024-49912
CVE-2024-49913
CVE-2024-49921
CVE-2024-49922
CVE-2024-49923
CVE-2024-49925
CVE-2024-49933
CVE-2024-49934
CVE-2024-49944
CVE-2024-49945
CVE-2024-49952
CVE-2024-49959
CVE-2024-49968
CVE-2024-49975
CVE-2024-49976
CVE-2024-49983
CVE-2024-49987
CVE-2024-49989
CVE-2024-50003
CVE-2024-50004
CVE-2024-50006
CVE-2024-50009
CVE-2024-50012
CVE-2024-50014
CVE-2024-50015
CVE-2024-50026
CVE-2024-50067
CVE-2024-50080
CVE-2024-50081
CVE-2024-50082
CVE-2024-50084
CVE-2024-50087
CVE-2024-50088
CVE-2024-50089
CVE-2024-50093
CVE-2024-50095
CVE-2024-50096
CVE-2024-50098
CVE-2024-50099
CVE-2024-50100
CVE-2024-50101
CVE-2024-50102
CVE-2024-50103
CVE-2024-50108
CVE-2024-50110
CVE-2024-50115
CVE-2024-50116
CVE-2024-50117
CVE-2024-50121
CVE-2024-50124
CVE-2024-50125
CVE-2024-50127
CVE-2024-50128
CVE-2024-50130
CVE-2024-50131
CVE-2024-50134
CVE-2024-50135
CVE-2024-50136
CVE-2024-50138
CVE-2024-50139
CVE-2024-50141
CVE-2024-50145
CVE-2024-50146
CVE-2024-50147
CVE-2024-50148
CVE-2024-50150
CVE-2024-50153
CVE-2024-50154
CVE-2024-50155
CVE-2024-50156
CVE-2024-50157
CVE-2024-50158
CVE-2024-50159
CVE-2024-50160
CVE-2024-50166
CVE-2024-50167
CVE-2024-50169
CVE-2024-50171
CVE-2024-50172
CVE-2024-50175
CVE-2024-50176
CVE-2024-50177
CVE-2024-50179
CVE-2024-50180
CVE-2024-50181
CVE-2024-50182
CVE-2024-50183
CVE-2024-50184
CVE-2024-50186
CVE-2024-50187
CVE-2024-50188
CVE-2024-50189
CVE-2024-50192
CVE-2024-50194
CVE-2024-50195
CVE-2024-50196
CVE-2024-50198
CVE-2024-50200
CVE-2024-50201
CVE-2024-50205
CVE-2024-50208
CVE-2024-50209
CVE-2024-50210
CVE-2024-50215
CVE-2024-50216
CVE-2024-50218
CVE-2024-50221
CVE-2024-50224
CVE-2024-50225
CVE-2024-50228
CVE-2024-50229
CVE-2024-50230
CVE-2024-50231
CVE-2024-50232
CVE-2024-50233
CVE-2024-50234
CVE-2024-50235
CVE-2024-50236
CVE-2024-50237
CVE-2024-50240
CVE-2024-50245
CVE-2024-50246
CVE-2024-50248
CVE-2024-50249
CVE-2024-50250
CVE-2024-50252
CVE-2024-50255
CVE-2024-50257
CVE-2024-50261
CVE-2024-50264
CVE-2024-50265
CVE-2024-50267
CVE-2024-50268
CVE-2024-50269
CVE-2024-50271
CVE-2024-50273
CVE-2024-50274
CVE-2024-50275
CVE-2024-50276
CVE-2024-50279
CVE-2024-50282
CVE-2024-50287
CVE-2024-50289
CVE-2024-50290
CVE-2024-50292
CVE-2024-50295
CVE-2024-50296
CVE-2024-50298
CVE-2024-50301
CVE-2024-50302
CVE-2024-53042
CVE-2024-53043
CVE-2024-53045
CVE-2024-53048
CVE-2024-53051
CVE-2024-53052
CVE-2024-53055
CVE-2024-53056
CVE-2024-53058
CVE-2024-53059
CVE-2024-53060
CVE-2024-53061
CVE-2024-53063
CVE-2024-53066
CVE-2024-53068
CVE-2024-53072
CVE-2024-53074
CVE-2024-53076
CVE-2024-53079
CVE-2024-53081
CVE-2024-53082
CVE-2024-53085
CVE-2024-53088
CVE-2024-53093
CVE-2024-53094
CVE-2024-53095
CVE-2024-53096
CVE-2024-53100
CVE-2024-53101
CVE-2024-53104
CVE-2024-53106
CVE-2024-53108
CVE-2024-53110
CVE-2024-53112
CVE-2024-53114
CVE-2024-53121
CVE-2024-53138
CWE-ID: CWE-119
CWE-476
CWE-416
CWE-125
CWE-399
CWE-415
CWE-200
CWE-682
CWE-908
CWE-617
CWE-20
CWE-362
CWE-401
CWE-369
CWE-667
CWE-388
CWE-190
CWE-835
CWE-665
CWE-404
CWE-191
CWE-787
Exploitation vector: Network
Public exploit: Vulnerability #204 is being exploited in the wild.
Vulnerability #234 is being exploited in the wild.
Vulnerable software

Operating systems:
SUSE Real Time Module
SUSE Linux Enterprise Live Patching
SUSE Linux Enterprise Real Time 15
openSUSE Leap
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server 15

Operating system packages or components:
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo
kernel-livepatch-6_4_0-150600_10_20-rt
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource
kernel-rt_debug
kernel-rt
kernel-source-rt
kernel-devel-rt
kernel-rt-livepatch-devel
cluster-md-kmp-rt-debuginfo
gfs2-kmp-rt
dlm-kmp-rt-debuginfo
kselftests-kmp-rt
kernel-rt-debuginfo
kernel-syms-rt
kernel-rt-optional-debuginfo
kernel-rt-vdso-debuginfo
kernel-rt-vdso
kernel-rt_debug-vdso-debuginfo
kernel-rt-extra-debuginfo
reiserfs-kmp-rt-debuginfo
kernel-rt-extra
kernel-rt-optional
kernel-rt_debug-debuginfo
dlm-kmp-rt
kernel-rt-devel-debuginfo
reiserfs-kmp-rt
kernel-rt_debug-devel-debuginfo
kernel-rt-debugsource
ocfs2-kmp-rt
ocfs2-kmp-rt-debuginfo
kernel-rt_debug-devel
gfs2-kmp-rt-debuginfo
cluster-md-kmp-rt
kernel-rt-devel
kernel-rt_debug-vdso
kselftests-kmp-rt-debuginfo
kernel-rt_debug-debugsource

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 241 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU93169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52778

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mptcp_update_infinite_map() and mptcp_sendmsg_frag() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU99770

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the BPF_MOV64_REG() and BPF_RAW_INSN() functions in tools/testing/selftests/bpf/verifier/precise.c, within the subprog_spill_reg_precise() function in tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, and within the copy_verifier_state(), check_reg_arg(), is_jmp_point(), bt_is_reg_set(), calls_callback(), backtrack_insn(), __mark_chain_precision(), check_stack_write_fixed_off(), check_stack_read_fixed_off(), check_atomic(), push_jmp_history() and do_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU100617

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52921

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_cs_pass1() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU101033

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52922

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bcm_release() function in net/can/bcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU90362

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26596

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL_GPL() and dsa_user_changeupper() functions in net/dsa/user.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU90606

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26703

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the timerlat_fd_open() and timerlat_fd_read() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU93259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26741

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within net/ipv4/inet_hashtables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Double free

EUVDB-ID: #VU90927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26782

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU91364

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26864

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sock_prot_inuse_add() function in net/ipv4/inet_hashtables.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information disclosure

EUVDB-ID: #VU91359

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26953

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp6_output_tail() functions in net/ipv6/esp6.c, and within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp_output_tail() functions in net/ipv4/esp4.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Incorrect calculation

EUVDB-ID: #VU93615

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27017

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, and within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU93624

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27407

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use of uninitialized resource

EUVDB-ID: #VU90873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35888

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, and within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Reachable Assertion

EUVDB-ID: #VU90907

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36000

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU94121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36031

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Reachable assertion

EUVDB-ID: #VU93039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36484

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU90272

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36883

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU90049

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-36886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Race condition

EUVDB-ID: #VU93375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36905

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, and the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU93238

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36920

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mpi3mr_bsg_process_mpt_cmds() function in drivers/scsi/mpi3mr/mpi3mr_app.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use of uninitialized resource

EUVDB-ID: #VU90863

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36927

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the raw_sendmsg() function in net/ipv4/raw.c and the __ip_make_skb() function in net/ipv4/ip_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Memory leak

EUVDB-ID: #VU90431

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36954

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Division by zero

EUVDB-ID: #VU92008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36968

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c; the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c; the iso_sock_sendmsg() function in net/bluetooth/iso.c; the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c; and the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper error handling

EUVDB-ID: #VU94291

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40914

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Memory leak

EUVDB-ID: #VU94924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41023

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Integer overflow

EUVDB-ID: #VU95034

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42102

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU97270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46680

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ps_wakeup(), btnxpuart_close() and nxp_serdev_remove() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Infinite loop

EUVDB-ID: #VU97278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46681

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU97522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46765

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_xsk_pool_setup() function in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_clear_hw_tbls(), ice_xdp_setup_prog() and ice_xdp() functions in drivers/net/ethernet/intel/ice/ice_main.c, and within the ice_vsi_free(), ice_vsi_alloc() and ice_vsi_rebuild() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU97517

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46788

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the osnoise_migration_pending(), stop_kthread(), start_kthread() and start_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU97501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU97780

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46845

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the this_cpu_tmr_var() and timerlat_fd_release() functions in kernel/trace/trace_osnoise.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU98366

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47666

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pm8001_phy_control() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU99031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Incorrect calculation

EUVDB-ID: #VU99189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47703

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the mark_reg_unknown(), check_packet_access(), check_ctx_access(), check_stack_access_within_bounds(), check_mem_access() and check_return_code() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c, and within the BTF_SET_START() function in kernel/bpf/bpf_lsm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU98891

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource management error

EUVDB-ID: #VU99146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49866

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory leak

EUVDB-ID: #VU98852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the get_ext_path() function in fs/ext4/move_extent.c, and within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds read

EUVDB-ID: #VU98911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49895

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper error handling

EUVDB-ID: #VU99072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49897

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Input validation error

EUVDB-ID: #VU99225

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49899

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU98960

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c, within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU98958

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the handle_cursor_update() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) NULL pointer dereference

EUVDB-ID: #VU98939

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49908

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_update_cursor() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU98938

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) NULL pointer dereference

EUVDB-ID: #VU98936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU98935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49912

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the planes_changed_for_existing_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49913

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU98926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49921

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dp_verify_link_cap_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c, within the dcn35_init_hw() and dcn35_calc_blocks_to_gate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dcn31_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c, within the dcn10_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c, within the dce110_edp_backlight_control() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c, within the hubp2_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c, within the hubp1_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c, and within the dce11_pplib_apply_display_requirements() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU98924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49922

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU98950

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49923

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn21_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c and within the dcn20_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU98871

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49925

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Out-of-bounds read

EUVDB-ID: #VU98906

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49933

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU98872

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) NULL pointer dereference

EUVDB-ID: #VU98953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49944

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU98875

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49945

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Buffer overflow

EUVDB-ID: #VU99151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49952

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c and within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package (the Linux Kernel) to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU99226

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Memory leak

EUVDB-ID: #VU98854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49975

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper locking

EUVDB-ID: #VU99015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49976

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stop_kthread() and stop_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU98880

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) NULL pointer dereference

EUVDB-ID: #VU98946

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49987

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the show_link_netfilter() function in tools/bpf/bpftool/net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Double free

EUVDB-ID: #VU99058

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49989

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the link_destruct() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Input validation error

EUVDB-ID: #VU99218

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50003

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dmub_hpd_callback() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Input validation error

EUVDB-ID: #VU99040

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50004

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_unoptimized_policy_settings() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper locking

EUVDB-ID: #VU99011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50006

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU98923

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50009

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amd_pstate_adjust_perf() and amd_pstate_init_prefcore() functions in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Incorrect calculation

EUVDB-ID: #VU99186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50012

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within include/linux/cpufreq.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improper locking

EUVDB-ID: #VU99010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50014

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Buffer overflow

EUVDB-ID: #VU99099

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper Initialization

EUVDB-ID: #VU99129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50026

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the wd33c93_intr() function in drivers/scsi/wd33c93.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Use-after-free

EUVDB-ID: #VU99434

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50067

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Memory leak

EUVDB-ID: #VU99439

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50080

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper Initialization

EUVDB-ID: #VU99456

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50081

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the blk_mq_init_allocated_queue() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU99451

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50082

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Memory leak

EUVDB-ID: #VU99441

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50084

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the vcap_api_encode_rule_test() function in drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use of uninitialized resource

EUVDB-ID: #VU99455

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50087

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the replay_one_name() and check_item_in_log() functions in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) NULL pointer dereference

EUVDB-ID: #VU99448

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50088

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the add_inode_ref() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Input validation error

EUVDB-ID: #VU99849

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50089

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource management error

EUVDB-ID: #VU99842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50093

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper locking

EUVDB-ID: #VU99828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50095

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Buffer overflow

EUVDB-ID: #VU99843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50096

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper locking

EUVDB-ID: #VU99823

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50098

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_wl_shutdown() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Improper locking

EUVDB-ID: #VU99824

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50099

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Resource management error

EUVDB-ID: #VU99838

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50100

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dummy_urb_enqueue(), dummy_urb_dequeue(), dummy_timer(), dummy_bus_resume() and dummy_stop() functions in drivers/usb/gadget/udc/dummy_hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Input validation error

EUVDB-ID: #VU99847

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the domain_context_clear_one_cb() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Memory leak

EUVDB-ID: #VU99845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50102

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the IS_ENABLED() function in arch/x86/lib/getuser.S, the RUNTIME_CONST() function in arch/x86/kernel/vmlinux.lds.S, and the arch_cpu_finalize_init() function in arch/x86/kernel/cpu/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) NULL pointer dereference

EUVDB-ID: #VU99814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50103

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the asoc_qcom_lpass_cpu_platform_probe() function in sound/soc/qcom/lpass-cpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Resource management error

EUVDB-ID: #VU99839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50108

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the is_psr_su_specific_panel() function in drivers/gpu/drm/amd/display/modules/power/power_helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Memory leak

EUVDB-ID: #VU99801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50110

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the copy_to_user_auth() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Out-of-bounds read

EUVDB-ID: #VU99810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50115

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper error handling

EUVDB-ID: #VU99831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50116

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) NULL pointer dereference

EUVDB-ID: #VU99818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50117

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Use-after-free

EUVDB-ID: #VU99804

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50121

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_state_shutdown_net() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Use-after-free

EUVDB-ID: #VU99805

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50124

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ISO_CONN_TIMEOUT(), iso_sock_timeout() and iso_conn_del() functions in net/bluetooth/iso.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Use-after-free

EUVDB-ID: #VU99806

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50125

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SCO_CONN_TIMEOUT(), sco_sock_timeout() and sco_conn_del() functions in net/bluetooth/sco.c, and within the bt_sock_unlink() function in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Use-after-free

EUVDB-ID: #VU99808

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50127

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Out-of-bounds read

EUVDB-ID: #VU99812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50128

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within drivers/net/wwan/wwan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Use-after-free

EUVDB-ID: #VU99809

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50130

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_hook_run_bpf(), bpf_nf_link_release() and bpf_nf_link_attach() functions in net/netfilter/nf_bpf_link.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Improper error handling

EUVDB-ID: #VU99833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50131

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the traceprobe_parse_event_name() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Buffer overflow

EUVDB-ID: #VU99837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50134

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper locking

EUVDB-ID: #VU99826

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50135

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_pci_nr_maps() and nvme_reset_work() functions in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Resource management error

EUVDB-ID: #VU99836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50136

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mlx5_eswitch_enable_locked() function in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper locking

EUVDB-ID: #VU99827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50138

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bpf_ringbuf_alloc() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Out-of-bounds read

EUVDB-ID: #VU100065

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50139

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the reset_clidr() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Improper locking

EUVDB-ID: #VU100077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) NULL pointer dereference

EUVDB-ID: #VU100070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50145

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the octep_oq_next_pkt() and __octep_oq_process_rx() functions in drivers/net/ethernet/marvell/octeon_ep/octep_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) NULL pointer dereference

EUVDB-ID: #VU100071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50146

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the _mlx5e_remove() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU100072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50147

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5_cmd_comp_handler(), mlx5_cmd_trigger_completions() and mlx5_cmd_enable() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Resource management error

EUVDB-ID: #VU100087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50148

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Use-after-free

EUVDB-ID: #VU100059

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50150

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the typec_altmode_release() and typec_register_altmode() functions in drivers/usb/typec/class.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Use-after-free

EUVDB-ID: #VU100061

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50153

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the target_alloc_device() function in drivers/target/target_core_device.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Use-after-free

EUVDB-ID: #VU100062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper locking

EUVDB-ID: #VU100078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50155

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nsim_dev_trap_report_work() and nsim_dev_traps_init() functions in drivers/net/netdevsim/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) NULL pointer dereference

EUVDB-ID: #VU100073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50156

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the msm_disp_state_dump_regs() and msm_disp_state_print() functions in drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Improper locking

EUVDB-ID: #VU100079

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50157

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the is_dbr_fifo_full() and __wait_for_fifo_occupancy_below_th() functions in drivers/infiniband/hw/bnxt_re/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Out-of-bounds read

EUVDB-ID: #VU100067

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50158

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_re_ib_get_hw_stats() function in drivers/infiniband/hw/bnxt_re/hw_counters.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Use-after-free

EUVDB-ID: #VU100064

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50159

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the scmi_debugfs_common_setup() function in drivers/firmware/arm_scmi/driver.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) NULL pointer dereference

EUVDB-ID: #VU100074

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50160

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dolphin_fixups() function in sound/pci/hda/patch_cs8409.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Memory leak

EUVDB-ID: #VU100052

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50166

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mac_probe() and mac_remove() functions in drivers/net/ethernet/freescale/fman/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Memory leak

EUVDB-ID: #VU100053

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50167

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the be_xmit() function in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Improper locking

EUVDB-ID: #VU100080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50169

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the virtio_transport_read_skb() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Memory leak

EUVDB-ID: #VU100056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Memory leak

EUVDB-ID: #VU100057

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50172

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bnxt_re_setup_chip_ctx() function in drivers/infiniband/hw/bnxt_re/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Improper locking

EUVDB-ID: #VU100125

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50175

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the video_stop_streaming() function in drivers/media/platform/qcom/camss/camss-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improper error handling

EUVDB-ID: #VU100133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50176

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dev_err() and rproc_del() functions in drivers/remoteproc/ti_k3_r5_remoteproc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Out-of-bounds read

EUVDB-ID: #VU100121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50177

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dml_core_mode_support() and dml_core_mode_programming() functions in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Input validation error

EUVDB-ID: #VU100155

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50181

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the imx7d_clocks_init() function in drivers/clk/imx/clk-imx7d.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Buffer overflow

EUVDB-ID: #VU100147

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50182

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Improper locking

EUVDB-ID: #VU100126

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50183

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c and within the lpfc_cmpl_ct() function in drivers/scsi/lpfc/lpfc_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Resource management error

EUVDB-ID: #VU100143

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50184

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) NULL pointer dereference

EUVDB-ID: #VU100122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50186

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __sock_create() function in net/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Input validation error

EUVDB-ID: #VU100156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50187

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Buffer overflow

EUVDB-ID: #VU100138

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50188

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Buffer overflow

EUVDB-ID: #VU100145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50189

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Resource management error

EUVDB-ID: #VU100144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50192

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Buffer overflow

EUVDB-ID: #VU100146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50194

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Resource management error

EUVDB-ID: #VU100150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50195

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Infinite loop

EUVDB-ID: #VU100142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50196

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) NULL pointer dereference

EUVDB-ID: #VU100123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50198

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Reachable assertion

EUVDB-ID: #VU100132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50200

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the mte_node_or_none(), mas_wr_walk(), mas_wr_walk_index() and mas_wr_spanning_store() functions in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Resource management error

EUVDB-ID: #VU100151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50201

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Use of uninitialized resource

EUVDB-ID: #VU100136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50205

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Buffer overflow

EUVDB-ID: #VU100141

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50208

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Buffer overflow

EUVDB-ID: #VU100148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50209

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Improper locking

EUVDB-ID: #VU100129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50210

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Double free

EUVDB-ID: #VU100190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50215

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvmet_setup_dhgroup() function in drivers/nvme/target/auth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Use of uninitialized resource

EUVDB-ID: #VU100193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50216

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the xfs_filestream_pick_ag() function in fs/xfs/xfs_filestream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Input validation error

EUVDB-ID: #VU100187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Out-of-bounds read

EUVDB-ID: #VU100170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50221

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vangogh_tables_init() function in drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) NULL pointer dereference

EUVDB-ID: #VU100175

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50224

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dspi_setup() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) NULL pointer dereference

EUVDB-ID: #VU100176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50225

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_bio_init() and __btrfs_bio_end_io() functions in fs/btrfs/bio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Improper locking

EUVDB-ID: #VU100182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50228

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Input validation error

EUVDB-ID: #VU100188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Memory leak

EUVDB-ID: #VU100161

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50231

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the iio_gts_build_avail_scale_table() function in drivers/iio/industrialio-gts-helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Division by zero

EUVDB-ID: #VU100199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50232

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad7124_write_raw() function in drivers/iio/adc/ad7124.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Division by zero

EUVDB-ID: #VU100200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50233

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Improper locking

EUVDB-ID: #VU100184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Double free

EUVDB-ID: #VU100191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50235

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the _cfg80211_unregister_wdev() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Memory leak

EUVDB-ID: #VU100162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, and within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Use of uninitialized resource

EUVDB-ID: #VU100194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50237

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) NULL pointer dereference

EUVDB-ID: #VU100179

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50240

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qmp_usb_probe() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Improper locking

EUVDB-ID: #VU100185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50245

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_lookup() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Buffer overflow

EUVDB-ID: #VU100203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50246

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Input validation error

EUVDB-ID: #VU100205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50248

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Improper locking

EUVDB-ID: #VU100186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50249

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the acpi_cppc_processor_probe() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Buffer overflow

EUVDB-ID: #VU100198

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50250

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dax_unshare_iter() function in fs/dax.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Memory leak

EUVDB-ID: #VU100163

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50252

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mlxsw_sp_ipip_ol_netdev_change_gre6() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_ipip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) NULL pointer dereference

EUVDB-ID: #VU100180

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50255

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __hci_cmd_sync_sk() and __hci_cmd_sync_status_sk() functions in net/bluetooth/hci_sync.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Use-after-free

EUVDB-ID: #VU100168

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50257

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xt_find_table_lock() function in net/netfilter/x_tables.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Use-after-free

EUVDB-ID: #VU100169

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50261

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macsec_free_netdev() function in drivers/net/macsec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Memory leak

EUVDB-ID: #VU100610

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Use-after-free

EUVDB-ID: #VU100613

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50267

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Out-of-bounds read

EUVDB-ID: #VU100618

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50268

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ucsi_ccg_update_set_new_cam_cmd() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Improper locking

EUVDB-ID: #VU100628

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50271

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dec_rlimit_put_ucounts() and inc_rlimit_get_ucounts() functions in kernel/ucount.c and within the __sigqueue_alloc() function in kernel/signal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) NULL pointer dereference

EUVDB-ID: #VU100623

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50273

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Improper locking

EUVDB-ID: #VU100629

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50274

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the idpf_handle_event_link() function in drivers/net/ethernet/intel/idpf/idpf_virtchnl.c, the idpf_initiate_soft_reset() function in drivers/net/ethernet/intel/idpf/idpf_lib.c, and the idpf_set_msglevel() function in drivers/net/ethernet/intel/idpf/idpf_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Resource management error

EUVDB-ID: #VU100644

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50275

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sve_init_regs() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Double free

EUVDB-ID: #VU100632

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50276

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mse102x_tx_frame_spi() function in drivers/net/ethernet/vertexcom/mse102x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Out-of-bounds read

EUVDB-ID: #VU100620

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50279

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Buffer overflow

EUVDB-ID: #VU100638

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50282

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the amdgpu_debugfs_regs_smc_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Division by zero

EUVDB-ID: #VU100639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50287

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Input validation error

EUVDB-ID: #VU100652

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50289

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Integer underflow

EUVDB-ID: #VU100637

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50290

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) NULL pointer dereference

EUVDB-ID: #VU100625

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50292

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Resource management error

EUVDB-ID: #VU100646

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50295

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the arc_emac_tx_clean(), arc_emac_rx(), arc_emac_open(), arc_emac_set_rx_mode(), arc_free_tx_queue(), arc_free_rx_queue() and arc_emac_tx() functions in drivers/net/ethernet/arc/emac_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) NULL pointer dereference

EUVDB-ID: #VU100626

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50296

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hnae3_unregister_ae_algo_prepare() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) NULL pointer dereference

EUVDB-ID: #VU100627

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50298

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the enetc_sriov_configure(), enetc_pf_probe(), free_netdev() and enetc_pf_remove() functions in drivers/net/ethernet/freescale/enetc/enetc_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Out-of-bounds read

EUVDB-ID: #VU100622

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Memory leak

EUVDB-ID: #VU100611

Risk: Medium

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2024-50302

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note: the vulnerability is being actively exploited in the wild against Android devices.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

205) Improper locking

EUVDB-ID: #VU100718

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53042

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within include/net/ip_tunnels.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Input validation error

EUVDB-ID: #VU100747

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53043

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mctp_i2c_header_create() function in drivers/net/mctp/mctp-i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Resource management error

EUVDB-ID: #VU100736

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53045

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dapm_widget_list_create() function in sound/soc/soc-dapm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Improper Initialization

EUVDB-ID: #VU100735

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53048

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the ARRAY_SIZE() and ice_cgu_get_pin_desc() functions in drivers/net/ethernet/intel/ice/ice_ptp_hw.c, and within the ice_dpll_init_worker() and ice_dpll_init_info_direct_pins() functions in drivers/net/ethernet/intel/ice/ice_dpll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) NULL pointer dereference

EUVDB-ID: #VU100710

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53051

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the intel_hdcp_read_valid_bksv() function in drivers/gpu/drm/i915/display/intel_hdcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Improper locking

EUVDB-ID: #VU100720

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53052

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Infinite loop

EUVDB-ID: #VU100734

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53055

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the iwl_mvm_umac_scan_cfg_channels_v6_6g() function in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) NULL pointer dereference

EUVDB-ID: #VU100711

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53056

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtk_crtc_destroy() function in drivers/gpu/drm/mediatek/mtk_crtc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Improper error handling

EUVDB-ID: #VU100729

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53058

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Input validation error

EUVDB-ID: #VU100728

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53059

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) NULL pointer dereference

EUVDB-ID: #VU100713

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) Resource management error

EUVDB-ID: #VU100741

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53063

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) Use of uninitialized resource

EUVDB-ID: #VU100730

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53066

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Use-after-free

EUVDB-ID: #VU100708

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53068

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), __scmi_device_destroy() and __scmi_device_create() functions in drivers/firmware/arm_scmi/bus.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) Resource management error

EUVDB-ID: #VU100739

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53072

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amd_pmc_s2d_init() function in drivers/platform/x86/amd/pmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) Memory leak

EUVDB-ID: #VU100701

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the iwl_mvm_mac_remove_interface() function in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Memory leak

EUVDB-ID: #VU100702

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the iio_gts_build_avail_scale_table() function in drivers/iio/industrialio-gts-helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Improper locking

EUVDB-ID: #VU100724

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53079

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the destroy_large_folio() function in mm/page_alloc.c, within the mem_cgroup_move_account(), mem_cgroup_move_charge_pte_range(), uncharge_folio() and mem_cgroup_swapout() functions in mm/memcontrol.c, and within the __folio_undo_large_rmappable() and deferred_split_folio() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) Integer overflow

EUVDB-ID: #VU100732

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53081

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the calc_pll() function in drivers/media/i2c/ar0521.c. A local user can execute arbitrary code.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) Input validation error

EUVDB-ID: #VU100749

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53082

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the virtnet_probe() function in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Improper locking

EUVDB-ID: #VU100726

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53085

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tpm_pm_suspend() and tpm_get_random() functions in drivers/char/tpm/tpm-interface.c, and within the tpm_hwrng_read() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) Memory leak

EUVDB-ID: #VU100705

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53088

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) Improper locking

EUVDB-ID: #VU100834

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53093

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_add_ns_head_cdev(), nvme_mpath_alloc_disk(), nvme_mpath_set_live(), nvme_mpath_shutdown_disk() and nvme_mpath_remove_disk() functions in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) Resource management error

EUVDB-ID: #VU100835

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53094

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the siw_tcp_sendpages() function in drivers/infiniband/sw/siw/siw_qp_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) Use-after-free

EUVDB-ID: #VU100830

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53095

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) Memory leak

EUVDB-ID: #VU100936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53096

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the do_munmap(), mmap_region(), vma_set_page_prot() and vms_abort_munmap_vmas() functions in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

232) Improper locking

EUVDB-ID: #VU100939

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53100

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_tcp_get_address() function in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) Use of uninitialized resource

EUVDB-ID: #VU100940

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53101

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ocfs2_setattr() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Out-of-bounds write

EUVDB-ID: #VU101102

Risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:]

CVE-ID: CVE-2024-53104

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note: the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

235) Buffer overflow

EUVDB-ID: #VU101119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53106

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ima_eventdigest_init_common() function in security/integrity/ima/ima_template_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Use-after-free

EUVDB-ID: #VU101101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53108

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the parse_amd_vsdb() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) Buffer overflow

EUVDB-ID: #VU101116

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53110

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vp_vdpa_probe() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) Improper locking

EUVDB-ID: #VU101107

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53112

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_commit_trans() function in fs/ocfs2/resize.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) Input validation error

EUVDB-ID: #VU101122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53114

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) Memory leak

EUVDB-ID: #VU101099

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53121

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the lookup_fte_locked() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Incorrect calculation

EUVDB-ID: #VU101234

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53138

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the tx_sync_info_get(), mlx5e_ktls_tx_handle_resync_dump_comp() and mlx5e_ktls_tx_handle_ooo() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP6

SUSE Linux Enterprise Live Patching: 15-SP6

SUSE Linux Enterprise Real Time 15: SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1

kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1

kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1

kernel-rt_debug: before 6.4.0-150600.10.20.1

kernel-rt: before 6.4.0-150600.10.20.1

kernel-source-rt: before 6.4.0-150600.10.20.1

kernel-devel-rt: before 6.4.0-150600.10.20.1

kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

gfs2-kmp-rt: before 6.4.0-150600.10.20.1

dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kselftests-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-syms-rt: before 6.4.0-150600.10.20.1

kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-vdso: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-extra: before 6.4.0-150600.10.20.1

kernel-rt-optional: before 6.4.0-150600.10.20.1

kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1

dlm-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1

reiserfs-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt-debugsource: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt: before 6.4.0-150600.10.20.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-devel: before 6.4.0-150600.10.20.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

cluster-md-kmp-rt: before 6.4.0-150600.10.20.1

kernel-rt-devel: before 6.4.0-150600.10.20.1

kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1

kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1

kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


