SUSE update for the Linux Kernel



| Updated: 2025-03-12
Risk High
Patch available YES
Number of vulnerabilities 439
CVE-ID CVE-2021-47416
CVE-2021-47534
CVE-2021-47594
CVE-2022-3435
CVE-2022-45934
CVE-2022-48664
CVE-2022-48674
CVE-2022-48879
CVE-2022-48946
CVE-2022-48947
CVE-2022-48948
CVE-2022-48949
CVE-2022-48951
CVE-2022-48953
CVE-2022-48954
CVE-2022-48955
CVE-2022-48956
CVE-2022-48957
CVE-2022-48958
CVE-2022-48959
CVE-2022-48960
CVE-2022-48961
CVE-2022-48962
CVE-2022-48966
CVE-2022-48967
CVE-2022-48968
CVE-2022-48969
CVE-2022-48970
CVE-2022-48971
CVE-2022-48972
CVE-2022-48973
CVE-2022-48975
CVE-2022-48977
CVE-2022-48978
CVE-2022-48979
CVE-2022-48980
CVE-2022-48981
CVE-2022-48982
CVE-2022-48983
CVE-2022-48985
CVE-2022-48987
CVE-2022-48988
CVE-2022-48989
CVE-2022-48990
CVE-2022-48991
CVE-2022-48992
CVE-2022-48994
CVE-2022-48995
CVE-2022-48997
CVE-2022-48999
CVE-2022-49000
CVE-2022-49002
CVE-2022-49003
CVE-2022-49005
CVE-2022-49006
CVE-2022-49007
CVE-2022-49010
CVE-2022-49011
CVE-2022-49012
CVE-2022-49014
CVE-2022-49015
CVE-2022-49016
CVE-2022-49017
CVE-2022-49019
CVE-2022-49020
CVE-2022-49021
CVE-2022-49022
CVE-2022-49023
CVE-2022-49024
CVE-2022-49025
CVE-2022-49026
CVE-2022-49027
CVE-2022-49028
CVE-2022-49029
CVE-2022-49031
CVE-2022-49032
CVE-2023-2166
CVE-2023-28327
CVE-2023-52766
CVE-2023-52800
CVE-2023-52881
CVE-2023-52915
CVE-2023-52917
CVE-2023-52918
CVE-2023-52919
CVE-2023-52921
CVE-2023-52922
CVE-2023-6270
CVE-2024-26782
CVE-2024-26906
CVE-2024-26953
CVE-2024-27043
CVE-2024-35888
CVE-2024-35937
CVE-2024-35980
CVE-2024-36244
CVE-2024-36484
CVE-2024-36883
CVE-2024-36886
CVE-2024-36905
CVE-2024-36953
CVE-2024-36954
CVE-2024-36957
CVE-2024-38577
CVE-2024-38589
CVE-2024-38615
CVE-2024-39476
CVE-2024-40965
CVE-2024-40997
CVE-2024-41016
CVE-2024-41023
CVE-2024-41049
CVE-2024-42131
CVE-2024-42145
CVE-2024-42226
CVE-2024-42253
CVE-2024-43817
CVE-2024-43897
CVE-2024-44931
CVE-2024-44932
CVE-2024-44947
CVE-2024-44958
CVE-2024-44964
CVE-2024-44995
CVE-2024-45016
CVE-2024-45025
CVE-2024-46678
CVE-2024-46681
CVE-2024-46716
CVE-2024-46719
CVE-2024-46754
CVE-2024-46770
CVE-2024-46775
CVE-2024-46777
CVE-2024-46800
CVE-2024-46802
CVE-2024-46804
CVE-2024-46805
CVE-2024-46807
CVE-2024-46809
CVE-2024-46810
CVE-2024-46811
CVE-2024-46812
CVE-2024-46813
CVE-2024-46814
CVE-2024-46815
CVE-2024-46816
CVE-2024-46817
CVE-2024-46818
CVE-2024-46819
CVE-2024-46821
CVE-2024-46826
CVE-2024-46828
CVE-2024-46834
CVE-2024-46835
CVE-2024-46840
CVE-2024-46841
CVE-2024-46842
CVE-2024-46848
CVE-2024-46849
CVE-2024-46853
CVE-2024-46854
CVE-2024-46855
CVE-2024-46857
CVE-2024-46859
CVE-2024-46864
CVE-2024-46871
CVE-2024-47660
CVE-2024-47661
CVE-2024-47663
CVE-2024-47664
CVE-2024-47665
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-47670
CVE-2024-47671
CVE-2024-47672
CVE-2024-47673
CVE-2024-47674
CVE-2024-47679
CVE-2024-47682
CVE-2024-47684
CVE-2024-47685
CVE-2024-47692
CVE-2024-47693
CVE-2024-47695
CVE-2024-47696
CVE-2024-47697
CVE-2024-47698
CVE-2024-47699
CVE-2024-47701
CVE-2024-47704
CVE-2024-47705
CVE-2024-47706
CVE-2024-47707
CVE-2024-47709
CVE-2024-47710
CVE-2024-47712
CVE-2024-47713
CVE-2024-47718
CVE-2024-47720
CVE-2024-47723
CVE-2024-47727
CVE-2024-47728
CVE-2024-47730
CVE-2024-47735
CVE-2024-47737
CVE-2024-47738
CVE-2024-47739
CVE-2024-47742
CVE-2024-47745
CVE-2024-47747
CVE-2024-47748
CVE-2024-47749
CVE-2024-47756
CVE-2024-47757
CVE-2024-49850
CVE-2024-49851
CVE-2024-49852
CVE-2024-49855
CVE-2024-49858
CVE-2024-49860
CVE-2024-49861
CVE-2024-49863
CVE-2024-49866
CVE-2024-49867
CVE-2024-49868
CVE-2024-49870
CVE-2024-49871
CVE-2024-49875
CVE-2024-49877
CVE-2024-49879
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49884
CVE-2024-49886
CVE-2024-49890
CVE-2024-49891
CVE-2024-49892
CVE-2024-49894
CVE-2024-49895
CVE-2024-49896
CVE-2024-49897
CVE-2024-49899
CVE-2024-49900
CVE-2024-49901
CVE-2024-49902
CVE-2024-49903
CVE-2024-49905
CVE-2024-49906
CVE-2024-49907
CVE-2024-49908
CVE-2024-49909
CVE-2024-49911
CVE-2024-49912
CVE-2024-49913
CVE-2024-49914
CVE-2024-49917
CVE-2024-49918
CVE-2024-49919
CVE-2024-49920
CVE-2024-49921
CVE-2024-49922
CVE-2024-49923
CVE-2024-49924
CVE-2024-49925
CVE-2024-49929
CVE-2024-49930
CVE-2024-49933
CVE-2024-49934
CVE-2024-49935
CVE-2024-49936
CVE-2024-49938
CVE-2024-49939
CVE-2024-49945
CVE-2024-49946
CVE-2024-49947
CVE-2024-49949
CVE-2024-49950
CVE-2024-49954
CVE-2024-49955
CVE-2024-49957
CVE-2024-49958
CVE-2024-49959
CVE-2024-49960
CVE-2024-49962
CVE-2024-49963
CVE-2024-49965
CVE-2024-49966
CVE-2024-49967
CVE-2024-49968
CVE-2024-49969
CVE-2024-49973
CVE-2024-49974
CVE-2024-49975
CVE-2024-49981
CVE-2024-49982
CVE-2024-49983
CVE-2024-49985
CVE-2024-49989
CVE-2024-49991
CVE-2024-49993
CVE-2024-49995
CVE-2024-49996
CVE-2024-50000
CVE-2024-50001
CVE-2024-50002
CVE-2024-50003
CVE-2024-50006
CVE-2024-50007
CVE-2024-50008
CVE-2024-50009
CVE-2024-50013
CVE-2024-50014
CVE-2024-50017
CVE-2024-50019
CVE-2024-50024
CVE-2024-50025
CVE-2024-50026
CVE-2024-50028
CVE-2024-50031
CVE-2024-50033
CVE-2024-50035
CVE-2024-50041
CVE-2024-50044
CVE-2024-50045
CVE-2024-50046
CVE-2024-50047
CVE-2024-50048
CVE-2024-50049
CVE-2024-50055
CVE-2024-50058
CVE-2024-50059
CVE-2024-50061
CVE-2024-50062
CVE-2024-50063
CVE-2024-50067
CVE-2024-50073
CVE-2024-50074
CVE-2024-50077
CVE-2024-50078
CVE-2024-50081
CVE-2024-50082
CVE-2024-50089
CVE-2024-50093
CVE-2024-50095
CVE-2024-50096
CVE-2024-50098
CVE-2024-50099
CVE-2024-50103
CVE-2024-50108
CVE-2024-50110
CVE-2024-50115
CVE-2024-50116
CVE-2024-50117
CVE-2024-50124
CVE-2024-50125
CVE-2024-50127
CVE-2024-50128
CVE-2024-50131
CVE-2024-50134
CVE-2024-50135
CVE-2024-50138
CVE-2024-50141
CVE-2024-50146
CVE-2024-50147
CVE-2024-50148
CVE-2024-50150
CVE-2024-50153
CVE-2024-50154
CVE-2024-50155
CVE-2024-50156
CVE-2024-50160
CVE-2024-50167
CVE-2024-50171
CVE-2024-50179
CVE-2024-50180
CVE-2024-50182
CVE-2024-50183
CVE-2024-50184
CVE-2024-50186
CVE-2024-50187
CVE-2024-50188
CVE-2024-50189
CVE-2024-50192
CVE-2024-50194
CVE-2024-50195
CVE-2024-50196
CVE-2024-50198
CVE-2024-50201
CVE-2024-50205
CVE-2024-50208
CVE-2024-50209
CVE-2024-50215
CVE-2024-50218
CVE-2024-50229
CVE-2024-50230
CVE-2024-50232
CVE-2024-50233
CVE-2024-50234
CVE-2024-50236
CVE-2024-50237
CVE-2024-50249
CVE-2024-50255
CVE-2024-50259
CVE-2024-50261
CVE-2024-50264
CVE-2024-50265
CVE-2024-50267
CVE-2024-50268
CVE-2024-50269
CVE-2024-50271
CVE-2024-50273
CVE-2024-50274
CVE-2024-50279
CVE-2024-50282
CVE-2024-50287
CVE-2024-50289
CVE-2024-50290
CVE-2024-50292
CVE-2024-50295
CVE-2024-50298
CVE-2024-50301
CVE-2024-50302
CVE-2024-53052
CVE-2024-53058
CVE-2024-53059
CVE-2024-53060
CVE-2024-53061
CVE-2024-53063
CVE-2024-53066
CVE-2024-53068
CVE-2024-53079
CVE-2024-53085
CVE-2024-53088
CVE-2024-53104
CVE-2024-53110
CWE-ID CWE-401
CWE-476
CWE-125
CWE-190
CWE-667
CWE-416
CWE-119
CWE-787
CWE-399
CWE-415
CWE-200
CWE-20
CWE-388
CWE-191
CWE-835
CWE-682
CWE-451
CWE-908
CWE-617
CWE-362
CWE-193
CWE-665
CWE-369
CWE-404
Exploitation vector Network
Public exploit Public exploit code for vulnerability #121 is available.
Vulnerability #426 is being exploited in the wild.
Vulnerability #438 is being exploited in the wild.
Vulnerable software
 SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise High Availability Extension 15
Operating systems & Components / Operating system

Development Tools Module
Operating systems & Components / Operating system

Legacy Module
Operating systems & Components / Operating system

Basesystem Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-livepatch-SLE15-SP5_Update_21-debugsource
Operating systems & Components / Operating system package or component

kernel-default-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150500_55_88-default
Operating systems & Components / Operating system package or component

kernel-default-livepatch
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-default
Operating systems & Components / Operating system package or component

reiserfs-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-obs-build-debugsource
Operating systems & Components / Operating system package or component

kernel-obs-build
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-docs
Operating systems & Components / Operating system package or component

kernel-zfcpdump-debuginfo
Operating systems & Components / Operating system package or component

kernel-zfcpdump-debugsource
Operating systems & Components / Operating system package or component

kernel-zfcpdump
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-64kb-debugsource
Operating systems & Components / Operating system package or component

kernel-64kb-devel
Operating systems & Components / Operating system package or component

kernel-64kb-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 439 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU89967

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47416

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU91617

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47534

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vc4_atomic_commit_tail() function in drivers/gpu/drm/vc4/vc4_kms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU92336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47594

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU70499

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3435

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the fib_nh_match() function in net/ipv4/fib_semantics.c IPv4 handler. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU70464

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45934

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the l2cap_config_req() function in net/bluetooth/l2cap_core.c in Linux kernel. A local user can pass specially crafted L2CAP_CONF_REQ packets to the device, trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU92031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48664

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the close_ctree() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90174

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the fs/erofs/internal.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU96355

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efisubsys_init() and generic_ops_unregister() functions in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU99094

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU99095

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48947

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the l2cap_config_req() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU99096

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48948

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the uvc_function_ep0_complete() function in drivers/usb/gadget/function/f_uvc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU99153

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48949

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igb_vf_reset_msg() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU99179

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48951

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU99139

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48953

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cmos_check_acpi_rtc_status(), cmos_pnp_probe(), cmos_of_init() and cmos_platform_probe() functions in drivers/rtc/rtc-cmos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Double free

EUVDB-ID: #VU99050

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48954

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the qeth_l2_br2dev_worker() and dev_put() functions in drivers/s390/net/qeth_l2_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU99103

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48955

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the tbnet_open() function in drivers/net/thunderbolt.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU99165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48956

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ip6_fragment() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU99104

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48957

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information disclosure

EUVDB-ID: #VU99105

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48958

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the greth_init_rings() function in drivers/net/ethernet/aeroflex/greth.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Information disclosure

EUVDB-ID: #VU99106

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48959

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sja1105_setup_devlink_regions() function in drivers/net/dsa/sja1105/sja1105_devlink.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU99207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48960

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU99164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mdio_device_free() and EXPORT_SYMBOL() functions in drivers/net/phy/mdio_device.c, within the of_mdiobus_register_device() function in drivers/net/mdio/of_mdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU99208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU99210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48966

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mvneta_config_rss() function in drivers/net/ethernet/marvell/mvneta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU99211

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Information disclosure

EUVDB-ID: #VU99109

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48968

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the otx2_init_tc() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU99131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48969

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU99140

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48970

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sk_diag_show_rqlen(), sk_diag_fill(), sk_diag_dump() and unix_diag_dump() functions in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU99141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48971

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bt_init() and sock_unregister() functions in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Resource management error

EUVDB-ID: #VU99163

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48972

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ieee802154_if_add() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper error handling

EUVDB-ID: #VU99065

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48973

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Information disclosure

EUVDB-ID: #VU99110

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48975

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the gpiochip_setup_dev(), gpiochip_add_data_with_key(), gpiochip_remove_pin_ranges() and ida_free() functions in drivers/gpio/gpiolib.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU99217

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the can_rcv() and canfd_rcv() functions in net/can/af_can.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU99142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU99216

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48979

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU99002

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sja1105_init_l2_policing() function in drivers/net/dsa/sja1105/sja1105_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Double free

EUVDB-ID: #VU99051

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48981

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU98992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48982

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_register_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU99003

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48983

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_tctx_exit_cb() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Buffer overflow

EUVDB-ID: #VU99097

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48985

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the mana_poll_rx_cq() and mana_cq_handler() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Input validation error

EUVDB-ID: #VU99035

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48987

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the v4l2_valid_dv_timings() function in drivers/media/v4l2-core/v4l2-dv-timings.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU99197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48988

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Resource management error

EUVDB-ID: #VU99138

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48989

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the set_bit() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Integer underflow

EUVDB-ID: #VU99093

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48990

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the amdgpu_job_free_cb() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU99215

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48991

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU99214

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48992

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dpcm_be_reparent() function in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU99195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48994

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Double free

EUVDB-ID: #VU99052

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48995

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the raydium_i2c_send() function in drivers/input/touchscreen/raydium_i2c_ts.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU99004

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48997

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tpm_pm_suspend() function in drivers/char/tpm/tpm-interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU99206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48999

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ipv4_fcnal() function in tools/testing/selftests/net/fib_nexthops.sh, within the fib_nh_match() function in net/ipv4/fib_semantics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper error handling

EUVDB-ID: #VU99060

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49000

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the has_external_pci() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper error handling

EUVDB-ID: #VU99066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49002

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dmar_dev_scope_init() function in drivers/iommu/dmar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU99005

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49003

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_mpath_revalidate_paths() function in drivers/nvme/host/multipath.c, within the nvme_ns_remove() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU99213

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49005

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Infinite loop

EUVDB-ID: #VU99119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49006

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the probe_remove_event_call() function in kernel/trace/trace_events.c, within the dyn_event_release() and dyn_events_release_all() functions in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU99036

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_dat_commit_free() function in fs/nilfs2/dat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU99037

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49010

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Information disclosure

EUVDB-ID: #VU99113

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49011

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the adjust_tjmax() function in drivers/hwmon/coretemp.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Information disclosure

EUVDB-ID: #VU99114

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49012

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the afs_put_server() function in fs/afs/server.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Incorrect calculation

EUVDB-ID: #VU99182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49014

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __tun_detach() and tun_detach() functions in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU99199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hsr_deliver_master() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource management error

EUVDB-ID: #VU99162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49016

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the phy_mdio_device_free() function in drivers/net/phy/phy_device.c, within the fwnode_mdiobus_register_phy() function in drivers/net/mdio/fwnode_mdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Double free

EUVDB-ID: #VU99053

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49017

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the tipc_crypto_key_synch() function in net/tipc/crypto.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Infinite loop

EUVDB-ID: #VU99120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49019

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the nixge_hw_dma_bd_release() function in drivers/net/ethernet/ni/nixge.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Information disclosure

EUVDB-ID: #VU99116

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49020

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the p9_socket_open() function in net/9p/trans_fd.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource management error

EUVDB-ID: #VU99136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49021

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the module_put() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU99200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49022

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_get_rate_duration() function in net/mac80211/airtime.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Buffer overflow

EUVDB-ID: #VU99098

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49023

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the cfg80211_gen_new_ie() function in net/wireless/scan.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper error handling

EUVDB-ID: #VU99068

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49024

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the m_can_pci_probe() and m_can_pci_remove() functions in drivers/net/can/m_can/m_can_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Input validation error

EUVDB-ID: #VU99201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49025

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Double free

EUVDB-ID: #VU99054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49026

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the e100_xmit_prepare() function in drivers/net/ethernet/intel/e100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper locking

EUVDB-ID: #VU99007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49027

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iavf_init_module() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper locking

EUVDB-ID: #VU99008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49028

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ixgbevf_init_module() function in drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Resource management error

EUVDB-ID: #VU99161

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49029

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ibmpex_register_bmc() function in drivers/hwmon/ibmpex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Input validation error

EUVDB-ID: #VU99202

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49031

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the afe4403_read_raw() function in drivers/iio/health/afe4403.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Out-of-bounds write

EUVDB-ID: #VU99180

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49032

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the afe4404_read_raw() and afe4404_write_raw() functions in drivers/iio/health/afe4404.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) NULL pointer dereference

EUVDB-ID: #VU79495

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2166

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/can/af_can.c when processing CAN frames. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU74772

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28327

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Out-of-bounds read

EUVDB-ID: #VU91086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52766

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU90071

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Spoofing attack

EUVDB-ID: #VU89895

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52881

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU96934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52915

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the af9035_i2c_master_xfer() function in drivers/media/usb/dvb-usb-v2/af9035.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) NULL pointer dereference

EUVDB-ID: #VU98973

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) NULL pointer dereference

EUVDB-ID: #VU99255

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use-after-free

EUVDB-ID: #VU100617

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52921

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_cs_pass1() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Use-after-free

EUVDB-ID: #VU101033

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52922

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bcm_release() function in net/can/bcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Double free

EUVDB-ID: #VU90927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26782

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper error handling

EUVDB-ID: #VU92944

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26906

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Information disclosure

EUVDB-ID: #VU91359

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26953

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp6_output_tail() functions in net/ipv6/esp6.c, within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp_output_tail() functions in net/ipv4/esp4.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Use-after-free

EUVDB-ID: #VU90178

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27043

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use of uninitialized resource

EUVDB-ID: #VU90873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35888

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Out-of-bounds read

EUVDB-ID: #VU91093

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35937

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Integer underflow

EUVDB-ID: #VU91667

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35980

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the arch/arm64/include/asm/tlbflush.h. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Resource management error

EUVDB-ID: #VU93252

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36244

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Reachable assertion

EUVDB-ID: #VU93039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36484

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Out-of-bounds read

EUVDB-ID: #VU90272

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36883

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use-after-free

EUVDB-ID: #VU90049

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-36886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Race condition

EUVDB-ID: #VU93375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36905

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper error handling

EUVDB-ID: #VU93450

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36953

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Memory leak

EUVDB-ID: #VU90431

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36954

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Off-by-one

EUVDB-ID: #VU91171

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36957

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Buffer overflow

EUVDB-ID: #VU92378

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38577

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Input validation error

EUVDB-ID: #VU94120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38615

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper locking

EUVDB-ID: #VU93824

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39476

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the raid5d() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper locking

EUVDB-ID: #VU94276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Memory leak

EUVDB-ID: #VU94210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40997

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the amd_pstate_epp_cpu_exit() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41016

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Memory leak

EUVDB-ID: #VU94924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41023

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Use-after-free

EUVDB-ID: #VU94947

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Integer overflow

EUVDB-ID: #VU95035

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42131

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Buffer overflow

EUVDB-ID: #VU95054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Resource management error

EUVDB-ID: #VU95063

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42226

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the handle_tx_event() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Resource management error

EUVDB-ID: #VU95562

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42253

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pca953x_irq_bus_sync_unlock() function in drivers/gpio/gpio-pca953x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Input validation error

EUVDB-ID: #VU96160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43817

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Input validation error

EUVDB-ID: #VU96541

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43897

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __udp_gso_segment() function in net/ipv4/udp_offload.c, within the tcp_gso_segment() function in net/ipv4/tcp_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Memory leak

EUVDB-ID: #VU96512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44931

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Use-after-free

EUVDB-ID: #VU96516

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the idpf_vport_intr_napi_dis_all() and idpf_vport_intr_rel() functions in drivers/net/ethernet/intel/idpf/idpf_txrx.c, within the idpf_vport_stop(), idpf_vport_open() and idpf_send_map_unmap_queue_vector_msg() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU96711

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

122) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Memory leak

EUVDB-ID: #VU96831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44964

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the idpf_rx_init_buf_tail(), idpf_vport_open(), idpf_init_task(), idpf_initiate_soft_reset() and idpf_open() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Use-after-free

EUVDB-ID: #VU97169

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45016

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Incorrect calculation

EUVDB-ID: #VU97193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45025

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Improper locking

EUVDB-ID: #VU97266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46678

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bond_ipsec_add_sa(), bond_ipsec_add_sa_all(), bond_ipsec_del_sa(), bond_ipsec_del_sa_all(), bond_setup() and bond_uninit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Infinite loop

EUVDB-ID: #VU97278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46681

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Input validation error

EUVDB-ID: #VU97572

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46716

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) NULL pointer dereference

EUVDB-ID: #VU97534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46719

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Input validation error

EUVDB-ID: #VU97566

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU97520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46770

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Input validation error

EUVDB-ID: #VU97568

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46775

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the perform_link_training_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c, within the hubbub2_program_watermarks() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c, within the dc_dmub_srv_cmd_run_list() and dc_dmub_srv_get_visual_confirm_color_cmd() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Integer overflow

EUVDB-ID: #VU97550

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46777

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Use-after-free

EUVDB-ID: #VU97501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Input validation error

EUVDB-ID: #VU97838

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Resource management error

EUVDB-ID: #VU97827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46804

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) NULL pointer dereference

EUVDB-ID: #VU97793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46805

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psp_xgmi_reflect_topology_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU97794

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46807

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Improper error handling

EUVDB-ID: #VU97813

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) NULL pointer dereference

EUVDB-ID: #VU97796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46810

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tc_irq_handler() function in drivers/gpu/drm/bridge/tc358767.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Reachable assertion

EUVDB-ID: #VU97812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46811

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the dcn321_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c, within the dcn32_update_bw_bounding_box_fpu() function in drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c, within the dcn303_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c, within the dcn302_fpu_update_bw_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Input validation error

EUVDB-ID: #VU97845

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46812

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Out-of-bounds read

EUVDB-ID: #VU97785

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46813

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Input validation error

EUVDB-ID: #VU97844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46814

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hdmi_14_process_transaction() and dp_11_process_transaction() functions in drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Input validation error

EUVDB-ID: #VU97843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46815

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Resource management error

EUVDB-ID: #VU97829

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46816

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Resource management error

EUVDB-ID: #VU97830

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46817

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) NULL pointer dereference

EUVDB-ID: #VU97797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Input validation error

EUVDB-ID: #VU97841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46821

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the navi10_get_current_clk_freq_by_table(), navi10_emit_clk_levels(), navi10_print_clk_levels() and navi10_force_clk_levels() functions in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Input validation error

EUVDB-ID: #VU97839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46826

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Out-of-bounds read

EUVDB-ID: #VU97786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Out-of-bounds read

EUVDB-ID: #VU97789

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46834

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ethtool_set_channels() function in net/ethtool/ioctl.c, within the ethtool_get_max_rxfh_channel() function in net/ethtool/common.c, within the ethnl_set_channels() function in net/ethtool/channels.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Resource management error

EUVDB-ID: #VU97831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46835

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gfx_v11_0_hw_init() function in drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Improper error handling

EUVDB-ID: #VU97814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46841

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Use-after-free

EUVDB-ID: #VU97779

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46842

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_get_sfp_info_wait() function in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Infinite loop

EUVDB-ID: #VU97820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46848

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Use-after-free

EUVDB-ID: #VU97781

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46849

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the axg_card_add_tdm_loopback() function in sound/soc/meson/axg-card.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Memory leak

EUVDB-ID: #VU97776

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Memory leak

EUVDB-ID: #VU97777

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46855

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) NULL pointer dereference

EUVDB-ID: #VU97801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_eswitch_set_vepa() and mlx5_eswitch_get_vepa() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/legacy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Out-of-bounds read

EUVDB-ID: #VU97791

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46859

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Improper Initialization

EUVDB-ID: #VU97825

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46864

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hv_machine_shutdown() function in arch/x86/kernel/cpu/mshyperv.c, within the EXPORT_SYMBOL_GPL(), register_syscore_ops() and wrmsrl() functions in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Input validation error

EUVDB-ID: #VU98381

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46871

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Improper locking

EUVDB-ID: #VU98370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47660

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c, within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Buffer overflow

EUVDB-ID: #VU98371

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47661

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c, within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Division by zero

EUVDB-ID: #VU98372

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47663

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Division by zero

EUVDB-ID: #VU98373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47664

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Input validation error

EUVDB-ID: #VU98379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dma_init() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Input validation error

EUVDB-ID: #VU98380

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Buffer overflow

EUVDB-ID: #VU98376

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47668

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Improper locking

EUVDB-ID: #VU98367

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Resource management error

EUVDB-ID: #VU98375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47673

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Use-after-free

EUVDB-ID: #VU98598

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Improper locking

EUVDB-ID: #VU99031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Out-of-bounds read

EUVDB-ID: #VU98916

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47682

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sd_read_block_characteristics() function in drivers/scsi/sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47684

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) NULL pointer dereference

EUVDB-ID: #VU98983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47692

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __cld_pipe_inprogress_downcall() function in fs/nfsd/nfs4recover.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Resource management error

EUVDB-ID: #VU99176

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47693

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Out-of-bounds read

EUVDB-ID: #VU98921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Out-of-bounds read

EUVDB-ID: #VU98920

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47697

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47698

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) NULL pointer dereference

EUVDB-ID: #VU98986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47704

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the set_hpo_dp_throttled_vcp_size() and disable_hpo_dp_link_output() functions in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) NULL pointer dereference

EUVDB-ID: #VU98987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47705

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Use-after-free

EUVDB-ID: #VU98897

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) NULL pointer dereference

EUVDB-ID: #VU98988

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47709

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Improper locking

EUVDB-ID: #VU99033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47710

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sock_hash_free() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Improper locking

EUVDB-ID: #VU99032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) Use-after-free

EUVDB-ID: #VU98894

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) NULL pointer dereference

EUVDB-ID: #VU98991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Input validation error

EUVDB-ID: #VU99231

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47727

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the handle_mmio() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Memory leak

EUVDB-ID: #VU98856

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47728

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Input validation error

EUVDB-ID: #VU99227

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qm_set_vf_mse(), qm_controller_reset_prepare(), qm_master_ooo_check() and qm_soft_reset_prepare() functions in drivers/crypto/hisilicon/qm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Improper locking

EUVDB-ID: #VU99025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) Resource management error

EUVDB-ID: #VU99175

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47738

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ieee80211_tx_h_rate_ctrl() function in net/mac80211/tx.c, within the ieee80211_send_scan_probe_req() function in net/mac80211/scan.c, within the ieee80211_get_tx_rates() function in net/mac80211/rate.c, within the ieee80211_mgmt_tx() function in net/mac80211/offchannel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Improper locking

EUVDB-ID: #VU99021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47739

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Input validation error

EUVDB-ID: #VU99229

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Use-after-free

EUVDB-ID: #VU98888

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47747

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ether3_remove() function in drivers/net/ethernet/seeq/ether3.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Use-after-free

EUVDB-ID: #VU98889

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47748

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) Out-of-bounds read

EUVDB-ID: #VU98913

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47757

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) NULL pointer dereference

EUVDB-ID: #VU98974

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49850

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bpf_core_apply() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Memory leak

EUVDB-ID: #VU98860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49851

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) Use-after-free

EUVDB-ID: #VU98891

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) Use-after-free

EUVDB-ID: #VU98893

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Buffer overflow

EUVDB-ID: #VU99152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49858

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) Use of uninitialized resource

EUVDB-ID: #VU99086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49861

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the sizeof() function in net/core/filter.c, within the sizeof() function in kernel/trace/bpf_trace.c, within the arg_type_is_dynptr() function in kernel/bpf/verifier.c, within the sizeof() function in kernel/bpf/syscall.c, within the sizeof() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) NULL pointer dereference

EUVDB-ID: #VU98970

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49863

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Resource management error

EUVDB-ID: #VU99146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49866

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) Use-after-free

EUVDB-ID: #VU98885

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49867

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) Memory leak

EUVDB-ID: #VU98851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cachefiles_open_file(), fput() and cachefiles_look_up_object() functions in fs/cachefiles/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) NULL pointer dereference

EUVDB-ID: #VU98968

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49871

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) Improper locking

EUVDB-ID: #VU99020

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49875

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

232) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) NULL pointer dereference

EUVDB-ID: #VU98965

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Memory leak

EUVDB-ID: #VU98852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

235) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) Out-of-bounds read

EUVDB-ID: #VU98903

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49886

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) NULL pointer dereference

EUVDB-ID: #VU98964

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49890

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) NULL pointer dereference

EUVDB-ID: #VU98963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Input validation error

EUVDB-ID: #VU99224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49892

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

242) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

243) Out-of-bounds read

EUVDB-ID: #VU98911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49895

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

244) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

245) Improper error handling

EUVDB-ID: #VU99072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49897

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

246) Input validation error

EUVDB-ID: #VU99225

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49899

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

247) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

248) NULL pointer dereference

EUVDB-ID: #VU98960

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c, within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

249) Out-of-bounds read

EUVDB-ID: #VU98910

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49902

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

250) Use-after-free

EUVDB-ID: #VU98869

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

251) NULL pointer dereference

EUVDB-ID: #VU98958

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the handle_cursor_update() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

252) NULL pointer dereference

EUVDB-ID: #VU98940

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49906

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

253) NULL pointer dereference

EUVDB-ID: #VU98925

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

254) NULL pointer dereference

EUVDB-ID: #VU98939

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49908

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_update_cursor() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

255) NULL pointer dereference

EUVDB-ID: #VU98938

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49909

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

256) NULL pointer dereference

EUVDB-ID: #VU98936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

257) NULL pointer dereference

EUVDB-ID: #VU98935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49912

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the planes_changed_for_existing_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

258) NULL pointer dereference

EUVDB-ID: #VU98934

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49913

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

259) NULL pointer dereference

EUVDB-ID: #VU98933

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49914

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

260) NULL pointer dereference

EUVDB-ID: #VU98930

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

261) NULL pointer dereference

EUVDB-ID: #VU98929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_acquire_idle_pipe_for_head_pipe_in_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

262) NULL pointer dereference

EUVDB-ID: #VU98928

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn201_acquire_free_pipe_for_layer() function in drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

263) NULL pointer dereference

EUVDB-ID: #VU98927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

264) NULL pointer dereference

EUVDB-ID: #VU98926

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49921

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dp_verify_link_cap_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c, within the dcn35_init_hw() and dcn35_calc_blocks_to_gate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dcn31_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c, within the dcn10_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c, within the dce110_edp_backlight_control() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c, within the hubp2_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c, within the hubp1_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c, within the dce11_pplib_apply_display_requirements() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

265) NULL pointer dereference

EUVDB-ID: #VU98924

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49922

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

266) NULL pointer dereference

EUVDB-ID: #VU98950

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49923

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn21_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c, within the dcn20_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

267) Use-after-free

EUVDB-ID: #VU98870

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

268) Use-after-free

EUVDB-ID: #VU98871

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49925

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

269) NULL pointer dereference

EUVDB-ID: #VU98957

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

270) Out-of-bounds read

EUVDB-ID: #VU98908

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49930

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

271) Out-of-bounds read

EUVDB-ID: #VU98906

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49933

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

272) Use-after-free

EUVDB-ID: #VU98872

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

273) Race condition

EUVDB-ID: #VU99178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49935

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

274) Use-after-free

EUVDB-ID: #VU98873

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

275) Input validation error

EUVDB-ID: #VU99041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

276) Improper locking

EUVDB-ID: #VU99019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49939

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtw89_ops_add_interface() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

277) Use-after-free

EUVDB-ID: #VU98875

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49945

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

278) Improper locking

EUVDB-ID: #VU99018

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49946

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ppp_channel_bridge_input() function in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

279) Resource management error

EUVDB-ID: #VU99170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49947

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

280) NULL pointer dereference

EUVDB-ID: #VU98952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49949

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

281) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

282) Resource management error

EUVDB-ID: #VU99149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49954

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

283) Resource management error

EUVDB-ID: #VU99172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49955

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

284) NULL pointer dereference

EUVDB-ID: #VU98941

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

285) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

286) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

287) Use-after-free

EUVDB-ID: #VU98877

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49960

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the flush_work() function in fs/ext4/super.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

288) NULL pointer dereference

EUVDB-ID: #VU98949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49962

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

289) Resource management error

EUVDB-ID: #VU99150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49963

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

290) Improper locking

EUVDB-ID: #VU99016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

291) Improper error handling

EUVDB-ID: #VU99070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49966

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

292) Input validation error

EUVDB-ID: #VU99223

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

293) Input validation error

EUVDB-ID: #VU99226

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

294) Out-of-bounds read

EUVDB-ID: #VU98905

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

295) Buffer overflow

EUVDB-ID: #VU99156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49973

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

296) Input validation error

EUVDB-ID: #VU99220

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

297) Memory leak

EUVDB-ID: #VU98854

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49975

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

298) Use-after-free

EUVDB-ID: #VU98878

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

299) Use-after-free

EUVDB-ID: #VU98879

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49982

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

300) Use-after-free

EUVDB-ID: #VU98880

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

301) Improper locking

EUVDB-ID: #VU99013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49985

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stm32f7_i2c_runtime_suspend() and stm32f7_i2c_runtime_resume() functions in drivers/i2c/busses/i2c-stm32f7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

302) Double free

EUVDB-ID: #VU99058

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49989

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the link_destruct() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

303) Use-after-free

EUVDB-ID: #VU98882

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

304) Improper locking

EUVDB-ID: #VU99012

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49993

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the free_iommu() and raw_spin_lock() functions in drivers/iommu/intel/dmar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

305) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

306) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

307) NULL pointer dereference

EUVDB-ID: #VU98943

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_tir_builder_alloc() function in drivers/net/ethernet/mellanox/mlx5/core/en/tir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

308) Buffer overflow

EUVDB-ID: #VU99157

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

309) NULL pointer dereference

EUVDB-ID: #VU98942

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50002

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

310) Input validation error

EUVDB-ID: #VU99218

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50003

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dmub_hpd_callback() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

311) Improper locking

EUVDB-ID: #VU99011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50006

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

312) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

313) Resource management error

EUVDB-ID: #VU99167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50008

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

314) NULL pointer dereference

EUVDB-ID: #VU98923

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50009

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amd_pstate_adjust_perf() and amd_pstate_init_prefcore() functions in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

315) Memory leak

EUVDB-ID: #VU98850

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50013

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the exfat_load_bitmap() function in fs/exfat/balloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

316) Improper locking

EUVDB-ID: #VU99010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50014

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

317) Input validation error

EUVDB-ID: #VU99219

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ident_pud_init() function in arch/x86/mm/ident_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

318) Resource management error

EUVDB-ID: #VU99160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50019

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kthread_unpark() function in kernel/kthread.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

319) Infinite loop

EUVDB-ID: #VU99121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50024

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

320) Improper locking

EUVDB-ID: #VU99001

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50025

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fnic_probe() function in drivers/scsi/fnic/fnic_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

321) Improper Initialization

EUVDB-ID: #VU99129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50026

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the wd33c93_intr() function in drivers/scsi/wd33c93.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

322) Incorrect calculation

EUVDB-ID: #VU99184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50028

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c, within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

323) Resource management error

EUVDB-ID: #VU99135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50031

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the v3d_perfmon_open_file() and v3d_perfmon_idr_del() functions in drivers/gpu/drm/v3d/v3d_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

324) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

325) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

326) Improper locking

EUVDB-ID: #VU98999

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50041

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_vc_get_vf_resources_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c, within the i40e_add_mac_filter() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

327) Improper locking

EUVDB-ID: #VU98997

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50044

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

328) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

329) Improper locking

EUVDB-ID: #VU98996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50046

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs42_complete_copies() function in fs/nfs/nfs4state.c, within the handle_async_copy() function in fs/nfs/nfs42proc.c, within the nfs_alloc_server() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

330) Improper locking

EUVDB-ID: #VU98995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

331) Improper error handling

EUVDB-ID: #VU99061

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50048

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

332) Input validation error

EUVDB-ID: #VU99203

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50049

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dc_validate_seamless_boot_timing() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

333) Double free

EUVDB-ID: #VU99057

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50055

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

334) Input validation error

EUVDB-ID: #VU99205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

335) Race condition

EUVDB-ID: #VU99125

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50059

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

336) Race condition

EUVDB-ID: #VU99126

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50061

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

337) Input validation error

EUVDB-ID: #VU99039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50062

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rtrs_srv_info_req_done() and post_recv_path() functions in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

338) Buffer overflow

EUVDB-ID: #VU99190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50063

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

339) Use-after-free

EUVDB-ID: #VU99434

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50067

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

340) Use-after-free

EUVDB-ID: #VU99442

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

341) Out-of-bounds read

EUVDB-ID: #VU99445

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

342) Improper error handling

EUVDB-ID: #VU99453

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50077

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the iso_init() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

343) Improper error handling

EUVDB-ID: #VU99454

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50078

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bt_exit() function in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

344) Improper Initialization

EUVDB-ID: #VU99456

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50081

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the blk_mq_init_allocated_queue() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

345) Improper locking

EUVDB-ID: #VU99451

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50082

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

346) Input validation error

EUVDB-ID: #VU99849

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50089

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

347) Resource management error

EUVDB-ID: #VU99842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50093

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the proc_thermal_pci_remove() function in drivers/thermal/intel/int340x_thermal/processor_thermal_device_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

348) Improper locking

EUVDB-ID: #VU99828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50095

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

349) Buffer overflow

EUVDB-ID: #VU99843

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50096

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

350) Improper locking

EUVDB-ID: #VU99823

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50098

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ufshcd_wl_shutdown() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

351) Improper locking

EUVDB-ID: #VU99824

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50099

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

352) NULL pointer dereference

EUVDB-ID: #VU99814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50103

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the asoc_qcom_lpass_cpu_platform_probe() function in sound/soc/qcom/lpass-cpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

353) Resource management error

EUVDB-ID: #VU99839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50108

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the is_psr_su_specific_panel() function in drivers/gpu/drm/amd/display/modules/power/power_helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

354) Memory leak

EUVDB-ID: #VU99801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50110

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the copy_to_user_auth() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

355) Out-of-bounds read

EUVDB-ID: #VU99810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50115

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

356) Improper error handling

EUVDB-ID: #VU99831

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50116

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

357) NULL pointer dereference

EUVDB-ID: #VU99818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50117

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

358) Use-after-free

EUVDB-ID: #VU99805

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50124

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ISO_CONN_TIMEOUT(), iso_sock_timeout() and iso_conn_del() functions in net/bluetooth/iso.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

359) Use-after-free

EUVDB-ID: #VU99806

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50125

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SCO_CONN_TIMEOUT(), sco_sock_timeout() and sco_conn_del() functions in net/bluetooth/sco.c, within the bt_sock_unlink() function in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

360) Use-after-free

EUVDB-ID: #VU99808

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50127

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

361) Out-of-bounds read

EUVDB-ID: #VU99812

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50128

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wwan/wwan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

362) Improper error handling

EUVDB-ID: #VU99833

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50131

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the traceprobe_parse_event_name() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

363) Buffer overflow

EUVDB-ID: #VU99837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50134

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

364) Improper locking

EUVDB-ID: #VU99826

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50135

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_pci_nr_maps() and nvme_reset_work() functions in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

365) Improper locking

EUVDB-ID: #VU99827

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50138

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bpf_ringbuf_alloc() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

366) Improper locking

EUVDB-ID: #VU100077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the efi_pa_va_lookup(), acpi_parse_prmt() and acpi_platformrt_space_handler() functions in drivers/acpi/prmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

367) NULL pointer dereference

EUVDB-ID: #VU100071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50146

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the _mlx5e_remove() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

368) NULL pointer dereference

EUVDB-ID: #VU100072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50147

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_cmd_comp_handler(), mlx5_cmd_trigger_completions() and mlx5_cmd_enable() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

369) Resource management error

EUVDB-ID: #VU100087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50148

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

370) Use-after-free

EUVDB-ID: #VU100059

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50150

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the typec_altmode_release() and typec_register_altmode() functions in drivers/usb/typec/class.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

371) Use-after-free

EUVDB-ID: #VU100061

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50153

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the target_alloc_device() function in drivers/target/target_core_device.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

372) Use-after-free

EUVDB-ID: #VU100062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

373) Improper locking

EUVDB-ID: #VU100078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50155

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nsim_dev_trap_report_work() and nsim_dev_traps_init() functions in drivers/net/netdevsim/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

374) NULL pointer dereference

EUVDB-ID: #VU100073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50156

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_disp_state_dump_regs() and msm_disp_state_print() functions in drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

375) NULL pointer dereference

EUVDB-ID: #VU100074

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50160

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dolphin_fixups() function in sound/pci/hda/patch_cs8409.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

376) Memory leak

EUVDB-ID: #VU100053

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50167

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the be_xmit() function in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

377) Memory leak

EUVDB-ID: #VU100056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

378) Input validation error

EUVDB-ID: #VU100154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50179

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

379) Buffer overflow

EUVDB-ID: #VU100137

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

380) Buffer overflow

EUVDB-ID: #VU100147

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50182

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() and secretmem_init() functions in mm/secretmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

381) Improper locking

EUVDB-ID: #VU100126

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50183

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c, within the lpfc_cmpl_ct() function in drivers/scsi/lpfc/lpfc_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

382) Resource management error

EUVDB-ID: #VU100143

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50184

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

383) NULL pointer dereference

EUVDB-ID: #VU100122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50186

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __sock_create() function in net/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

384) Input validation error

EUVDB-ID: #VU100156

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50187

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

385) Buffer overflow

EUVDB-ID: #VU100138

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50188

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp83869_configure_fiber() function in drivers/net/phy/dp83869.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

386) Buffer overflow

EUVDB-ID: #VU100145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50189

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the amd_sfh_hid_client_init() and amd_sfh_hid_client_deinit() functions in drivers/hid/amd-sfh-hid/amd_sfh_client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

387) Resource management error

EUVDB-ID: #VU100144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50192

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the its_build_vmapp_cmd(), its_vpe_set_affinity() and its_vpe_init() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

388) Buffer overflow

EUVDB-ID: #VU100146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50194

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

389) Resource management error

EUVDB-ID: #VU100150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50195

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

390) Infinite loop

EUVDB-ID: #VU100142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50196

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the ocelot_irq_handler() function in drivers/pinctrl/pinctrl-ocelot.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

391) NULL pointer dereference

EUVDB-ID: #VU100123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50198

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

392) Resource management error

EUVDB-ID: #VU100151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50201

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the radeon_encoder_clones() function in drivers/gpu/drm/radeon/radeon_encoders.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

393) Use of uninitialized resource

EUVDB-ID: #VU100136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50205

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

394) Buffer overflow

EUVDB-ID: #VU100141

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50208

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

395) Buffer overflow

EUVDB-ID: #VU100148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50209

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

396) Double free

EUVDB-ID: #VU100190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50215

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvmet_setup_dhgroup() function in drivers/nvme/target/auth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

397) Input validation error

EUVDB-ID: #VU100187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50218

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

398) Improper locking

EUVDB-ID: #VU100183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50229

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_symlink() function in fs/nilfs2/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

399) Input validation error

EUVDB-ID: #VU100188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50230

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_clear_dirty_page() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

400) Division by zero

EUVDB-ID: #VU100199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50232

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad7124_write_raw() function in drivers/iio/adc/ad7124.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

401) Division by zero

EUVDB-ID: #VU100200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50233

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

402) Improper locking

EUVDB-ID: #VU100184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

403) Memory leak

EUVDB-ID: #VU100162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

404) Use of uninitialized resource

EUVDB-ID: #VU100194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50237

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

405) Improper locking

EUVDB-ID: #VU100186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50249

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the acpi_cppc_processor_probe() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

406) NULL pointer dereference

EUVDB-ID: #VU100180

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50255

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __hci_cmd_sync_sk() and __hci_cmd_sync_status_sk() functions in net/bluetooth/hci_sync.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

407) Input validation error

EUVDB-ID: #VU100204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50259

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nsim_nexthop_bucket_activity_write() function in drivers/net/netdevsim/fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

408) Use-after-free

EUVDB-ID: #VU100169

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50261

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macsec_free_netdev() function in drivers/net/macsec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

409) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

410) Memory leak

EUVDB-ID: #VU100610

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

411) Use-after-free

EUVDB-ID: #VU100613

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50267

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

412) Out-of-bounds read

EUVDB-ID: #VU100618

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50268

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ucsi_ccg_update_set_new_cam_cmd() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

413) Improper resource shutdown or release

EUVDB-ID: #VU100649

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50269

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the sunxi_musb_exit() function in drivers/usb/musb/sunxi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

414) Improper locking

EUVDB-ID: #VU100628

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50271

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dec_rlimit_put_ucounts() and inc_rlimit_get_ucounts() functions in kernel/ucount.c, within the __sigqueue_alloc() function in kernel/signal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

415) NULL pointer dereference

EUVDB-ID: #VU100623

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50273

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

416) Improper locking

EUVDB-ID: #VU100629

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50274

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the idpf_handle_event_link() function in drivers/net/ethernet/intel/idpf/idpf_virtchnl.c, within the idpf_initiate_soft_reset() function in drivers/net/ethernet/intel/idpf/idpf_lib.c, within the idpf_set_msglevel() function in drivers/net/ethernet/intel/idpf/idpf_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

417) Out-of-bounds read

EUVDB-ID: #VU100620

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50279

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

418) Buffer overflow

EUVDB-ID: #VU100638

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50282

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the amdgpu_debugfs_regs_smc_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

419) Division by zero

EUVDB-ID: #VU100639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50287

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

420) Input validation error

EUVDB-ID: #VU100652

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50289

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

421) Integer underflow

EUVDB-ID: #VU100637

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50290

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

422) NULL pointer dereference

EUVDB-ID: #VU100625

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50292

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

423) Resource management error

EUVDB-ID: #VU100646

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50295

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arc_emac_tx_clean(), arc_emac_rx(), arc_emac_open(), arc_emac_set_rx_mode(), arc_free_tx_queue(), arc_free_rx_queue() and arc_emac_tx() functions in drivers/net/ethernet/arc/emac_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

424) NULL pointer dereference

EUVDB-ID: #VU100627

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50298

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the enetc_sriov_configure(), enetc_pf_probe(), free_netdev() and enetc_pf_remove() functions in drivers/net/ethernet/freescale/enetc/enetc_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

425) Out-of-bounds read

EUVDB-ID: #VU100622

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

426) Memory leak

EUVDB-ID: #VU100611

Risk: Medium

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2024-50302

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild against Android devices.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

427) Improper locking

EUVDB-ID: #VU100720

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53052

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_write_prep() and io_write() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

428) Improper error handling

EUVDB-ID: #VU100729

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53058

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

429) Input validation error

EUVDB-ID: #VU100728

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53059

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

430) NULL pointer dereference

EUVDB-ID: #VU100713

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

431) Buffer overflow

EUVDB-ID: #VU100733

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53061

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

432) Resource management error

EUVDB-ID: #VU100741

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53063

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

433) Use of uninitialized resource

EUVDB-ID: #VU100730

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53066

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

434) Use-after-free

EUVDB-ID: #VU100708

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53068

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), __scmi_device_destroy() and __scmi_device_create() functions in drivers/firmware/arm_scmi/bus.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

435) Improper locking

EUVDB-ID: #VU100724

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53079

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the destroy_large_folio() function in mm/page_alloc.c, within the mem_cgroup_move_account(), mem_cgroup_move_charge_pte_range(), uncharge_folio() and mem_cgroup_swapout() functions in mm/memcontrol.c, within the __folio_undo_large_rmappable() and deferred_split_folio() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

436) Improper locking

EUVDB-ID: #VU100726

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53085

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tpm_pm_suspend() and tpm_get_random() functions in drivers/char/tpm/tpm-interface.c, within the tpm_hwrng_read() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

437) Memory leak

EUVDB-ID: #VU100705

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53088

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

438) Out-of-bounds write

EUVDB-ID: #VU101102

Risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-53104

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

439) Buffer overflow

EUVDB-ID: #VU101116

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53110

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vp_vdpa_probe() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###