Risk | High |
Patch available | YES |
Number of vulnerabilities | 75 |
CVE-ID | CVE-2021-47162 CVE-2022-48853 CVE-2024-26801 CVE-2024-26852 CVE-2024-26886 CVE-2024-27051 CVE-2024-35937 CVE-2024-36886 CVE-2024-36905 CVE-2024-36954 CVE-2024-42098 CVE-2024-42131 CVE-2024-42229 CVE-2024-44995 CVE-2024-45016 CVE-2024-46771 CVE-2024-46777 CVE-2024-46800 CVE-2024-47660 CVE-2024-47679 CVE-2024-47701 CVE-2024-49858 CVE-2024-49868 CVE-2024-49884 CVE-2024-49921 CVE-2024-49925 CVE-2024-49938 CVE-2024-49945 CVE-2024-49950 CVE-2024-49952 CVE-2024-50044 CVE-2024-50055 CVE-2024-50073 CVE-2024-50074 CVE-2024-50095 CVE-2024-50099 CVE-2024-50115 CVE-2024-50117 CVE-2024-50125 CVE-2024-50135 CVE-2024-50148 CVE-2024-50150 CVE-2024-50154 CVE-2024-50167 CVE-2024-50171 CVE-2024-50179 CVE-2024-50183 CVE-2024-50187 CVE-2024-50194 CVE-2024-50195 CVE-2024-50210 CVE-2024-50218 CVE-2024-50234 CVE-2024-50236 CVE-2024-50237 CVE-2024-50264 CVE-2024-50265 CVE-2024-50267 CVE-2024-50273 CVE-2024-50278 CVE-2024-50279 CVE-2024-50289 CVE-2024-50290 CVE-2024-50296 CVE-2024-50301 CVE-2024-50302 CVE-2024-53058 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53085 CVE-2024-53088 CVE-2024-53104 CVE-2024-53114 CVE-2024-53142 |
CWE-ID | CWE-416 CWE-401 CWE-476 CWE-125 CWE-362 CWE-20 CWE-190 CWE-119 CWE-667 CWE-415 CWE-399 CWE-908 CWE-191 CWE-388 CWE-787 |
Exploitation vector | Network |
Public exploit | Vulnerability #66 is being exploited in the wild. Vulnerability #73 is being exploited in the wild. |
Vulnerable software |
Operating systems & Components / Operating system: SUSE Linux Enterprise Server 12 SP5 LTSS Extended, SUSE Linux Enterprise Server 12 SP5, SUSE Linux Enterprise High Availability Extension 12, SUSE Linux Enterprise Server for SAP Applications 12, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise High Performance Computing 12, SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system package or component: cluster-md-kmp-default, dlm-kmp-default-debuginfo, ocfs2-kmp-default-debuginfo, dlm-kmp-default, cluster-md-kmp-default-debuginfo, gfs2-kmp-default-debuginfo, ocfs2-kmp-default, gfs2-kmp-default, kernel-default-devel-debuginfo, kernel-default-man, kernel-macros, kernel-source, kernel-devel, kernel-default-base-debuginfo, kernel-default-base, kernel-default-devel, kernel-syms, kgraft-patch-4_12_14-122_237-default, kernel-default-debugsource, kernel-default-kgraft-devel, kernel-default-debuginfo, kernel-default-kgraft, kernel-default |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 75 vulnerabilities.
EUVDB-ID: #VU91064
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47162
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94397
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within Documentation/DMA-attributes.txt, include/linux/dma-mapping.h and lib/swiotlb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90209
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90194
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90200
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91501
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27051
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35937
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90049
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93375
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36905
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, and the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90431
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95100
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42098
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ecdh_set_secret() function in crypto/ecdh.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95035
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42229
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c and within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96855
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97169
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netem_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97485
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46771
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97550
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46777
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97501
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98370
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47660
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c and within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99031
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98898
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47701
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99152
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49858
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98969
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49868
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98867
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98926
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49921
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dp_verify_link_cap_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c, within the dcn35_init_hw() and dcn35_calc_blocks_to_gate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dcn31_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c, within the dcn10_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c, within the dce110_edp_backlight_control() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c, within the hubp2_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c, within the hubp1_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c, within the dce11_pplib_apply_display_requirements() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98871
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99041
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98875
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49945
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98876
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49952
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98997
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50044
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rfcomm_sock_ioctl() function in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99057
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50055
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the bus_remove_file() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99442
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50073
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99445
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50074
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50095
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99824
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50099
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99810
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50115
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99818
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50117
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99806
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50125
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SCO_CONN_TIMEOUT(), sco_sock_timeout() and sco_conn_del() functions in net/bluetooth/sco.c, and within the bt_sock_unlink() function in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99826
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50135
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_pci_nr_maps() and nvme_reset_work() functions in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50148
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100059
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50150
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the typec_altmode_release() and typec_register_altmode() functions in drivers/usb/typec/class.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100062
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50154
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100053
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50167
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the be_xmit() function in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100056
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50179
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100126
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50183
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c, and within the lpfc_cmpl_ct() function in drivers/scsi/lpfc/lpfc_ct.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100156
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50187
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vc4_perfmon_open_file() and vc4_perfmon_close_file() functions in drivers/gpu/drm/vc4/vc4_perfmon.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50194
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100150
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50195
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50210
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100187
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50218
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_remove_inode_range() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50234
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, and within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50237
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100612
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50264
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100610
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50265
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100613
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50267
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100623
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50273
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the insert_delayed_ref() function in fs/btrfs/delayed-ref.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100619
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50278
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100620
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50279
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100652
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50289
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CI_handle() and dvb_ca_ioctl() functions in drivers/staging/media/av7110/av7110_ca.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100637
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50290
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100626
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50296
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the hnae3_unregister_ae_algo_prepare() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100622
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50301
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error in security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100611
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2024-50302
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
Note: the vulnerability is being actively exploited in the wild against Android devices.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU100729
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53058
CWE-ID: CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the stmmac_tso_xmit() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100733
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53061
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53063
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100730
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53066
CWE-ID: CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100726
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53085
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tpm_pm_suspend() and tpm_get_random() functions in drivers/char/tpm/tpm-interface.c, and within the tpm_hwrng_read() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100705
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53088
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101102
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53104
CWE-ID: CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note: the vulnerability is being actively exploited in the wild.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU101122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53114
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101347
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53142
CWE-ID: CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the do_name() and do_copy() functions in init/initramfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package (the Linux Kernel) to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise High Availability Extension 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE Linux Enterprise Live Patching: 12-SP5
cluster-md-kmp-default: before 4.12.14-122.237.1
dlm-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
dlm-kmp-default: before 4.12.14-122.237.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.237.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.237.1
ocfs2-kmp-default: before 4.12.14-122.237.1
gfs2-kmp-default: before 4.12.14-122.237.1
kernel-default-devel-debuginfo: before 4.12.14-122.237.1
kernel-default-man: before 4.12.14-122.237.1
kernel-macros: before 4.12.14-122.237.1
kernel-source: before 4.12.14-122.237.1
kernel-devel: before 4.12.14-122.237.1
kernel-default-base-debuginfo: before 4.12.14-122.237.1
kernel-default-base: before 4.12.14-122.237.1
kernel-default-devel: before 4.12.14-122.237.1
kernel-syms: before 4.12.14-122.237.1
kgraft-patch-4_12_14-122_237-default: before 1-8.3.1
kernel-default-debugsource: before 4.12.14-122.237.1
kernel-default-kgraft-devel: before 4.12.14-122.237.1
kernel-default-debuginfo: before 4.12.14-122.237.1
kernel-default-kgraft: before 4.12.14-122.237.1
kernel-default: before 4.12.14-122.237.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244367-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.