Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2024-49995 CVE-2024-50290 CVE-2024-53063 |
CWE-ID | CWE-119 CWE-191 CWE-399 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Operating systems & Components / Operating system: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME, SUSE Linux Enterprise Server 11. Operating systems & Components / Operating system package or component: kernel-source, kernel-default-devel, kernel-trace-devel, kernel-default-base, kernel-ec2-base, kernel-xen-base, kernel-syms, kernel-trace-base, kernel-ec2-devel, kernel-xen-devel, kernel-trace, kernel-xen, kernel-default, kernel-ec2 |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU99192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.171.1
kernel-default-devel: before 3.0.101-108.171.1
kernel-trace-devel: before 3.0.101-108.171.1
kernel-default-base: before 3.0.101-108.171.1
kernel-ec2-base: before 3.0.101-108.171.1
kernel-xen-base: before 3.0.101-108.171.1
kernel-syms: before 3.0.101-108.171.1
kernel-trace-base: before 3.0.101-108.171.1
kernel-ec2-devel: before 3.0.101-108.171.1
kernel-xen-devel: before 3.0.101-108.171.1
kernel-trace: before 3.0.101-108.171.1
kernel-xen: before 3.0.101-108.171.1
kernel-default: before 3.0.101-108.171.1
kernel-ec2: before 3.0.101-108.171.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244397-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100637
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50290
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.171.1
kernel-default-devel: before 3.0.101-108.171.1
kernel-trace-devel: before 3.0.101-108.171.1
kernel-default-base: before 3.0.101-108.171.1
kernel-ec2-base: before 3.0.101-108.171.1
kernel-xen-base: before 3.0.101-108.171.1
kernel-syms: before 3.0.101-108.171.1
kernel-trace-base: before 3.0.101-108.171.1
kernel-ec2-devel: before 3.0.101-108.171.1
kernel-xen-devel: before 3.0.101-108.171.1
kernel-trace: before 3.0.101-108.171.1
kernel-xen: before 3.0.101-108.171.1
kernel-default: before 3.0.101-108.171.1
kernel-ec2: before 3.0.101-108.171.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244397-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53063
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-source: before 3.0.101-108.171.1
kernel-default-devel: before 3.0.101-108.171.1
kernel-trace-devel: before 3.0.101-108.171.1
kernel-default-base: before 3.0.101-108.171.1
kernel-ec2-base: before 3.0.101-108.171.1
kernel-xen-base: before 3.0.101-108.171.1
kernel-syms: before 3.0.101-108.171.1
kernel-trace-base: before 3.0.101-108.171.1
kernel-ec2-devel: before 3.0.101-108.171.1
kernel-xen-devel: before 3.0.101-108.171.1
kernel-trace: before 3.0.101-108.171.1
kernel-xen: before 3.0.101-108.171.1
kernel-default: before 3.0.101-108.171.1
kernel-ec2: before 3.0.101-108.171.1
https://www.suse.com/support/update/announcement/2024/suse-su-20244397-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.