Risk | Low |
Patch available | YES |
Number of vulnerabilities | 15 |
CVE-ID | CVE-2017-1000253 CVE-2017-14051 CVE-2017-2636 CVE-2022-20368 CVE-2022-48839 CVE-2024-53146 CVE-2024-53156 CVE-2024-53173 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56598 CVE-2024-56604 CVE-2024-56605 CVE-2024-56619 |
CWE-ID | CWE-119 CWE-190 CWE-362 CWE-125 CWE-401 CWE-416 |
Exploitation vector | Local |
Public exploit | Vulnerability #1 is being exploited in the wild. |
Vulnerable software | Operating systems: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME, SUSE Linux Enterprise Server 11. Operating system packages or components: kernel-xen-base, kernel-syms, kernel-source, kernel-trace-base, kernel-default-devel, kernel-ec2-devel, kernel-xen-devel, kernel-ec2-base, kernel-default-base, kernel-trace-devel, kernel-xen, kernel-trace, kernel-default, kernel-ec2 |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
EUVDB-ID: #VU8638
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-1000253
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error when loading Executable and Linkable Format (ELF) executables. A local user can create a specially crafted ELF binary, trigger memory corruption and execute arbitrary code on the vulnerable system with root privileges.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU10715
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-14051
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c due to an integer overflow. A local attacker can gain root access and cause the service to crash.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92796
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-2636
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67473
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in the Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94392
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101921
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53146
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53156
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102058
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53173
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102070
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53239
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56539
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102075
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56548
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102085
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102019
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56604
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rfcomm_sock_alloc() function in net/bluetooth/rfcomm/sock.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102020
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56605
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102022
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56619
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE
SUSE Linux Enterprise Server 11: SP4
kernel-xen-base: before 3.0.101-108.174.1
kernel-syms: before 3.0.101-108.174.1
kernel-source: before 3.0.101-108.174.1
kernel-trace-base: before 3.0.101-108.174.1
kernel-default-devel: before 3.0.101-108.174.1
kernel-ec2-devel: before 3.0.101-108.174.1
kernel-xen-devel: before 3.0.101-108.174.1
kernel-ec2-base: before 3.0.101-108.174.1
kernel-default-base: before 3.0.101-108.174.1
kernel-trace-devel: before 3.0.101-108.174.1
kernel-xen: before 3.0.101-108.174.1
kernel-trace: before 3.0.101-108.174.1
kernel-default: before 3.0.101-108.174.1
kernel-ec2: before 3.0.101-108.174.1
https://www.suse.com/support/update/announcement/2025/suse-su-20250152-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.