SUSE update for the Linux Kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 44
CVE-ID:
CVE-2023-52924
CVE-2023-52925
CVE-2024-26708
CVE-2024-26810
CVE-2024-41055
CVE-2024-44974
CVE-2024-45009
CVE-2024-45010
CVE-2024-47701
CVE-2024-49884
CVE-2024-49950
CVE-2024-50073
CVE-2024-50085
CVE-2024-50115
CVE-2024-50185
CVE-2024-53147
CVE-2024-53173
CVE-2024-53226
CVE-2024-53239
CVE-2024-56539
CVE-2024-56548
CVE-2024-56568
CVE-2024-56579
CVE-2024-56605
CVE-2024-56647
CVE-2024-56720
CVE-2024-57889
CVE-2024-57948
CVE-2025-21636
CVE-2025-21637
CVE-2025-21638
CVE-2025-21639
CVE-2025-21640
CVE-2025-21647
CVE-2025-21680
CVE-2025-21684
CVE-2025-21687
CVE-2025-21688
CVE-2025-21689
CVE-2025-21690
CVE-2025-21692
CVE-2025-21697
CVE-2025-21699
CVE-2025-21700
CWE-ID:
CWE-401
CWE-399
CWE-362
CWE-667
CWE-476
CWE-416
CWE-125
CWE-617
CWE-119
CWE-388
CWE-20
CWE-682
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:
Confidential Computing Module (Operating systems & Components / Operating system)
SUSE Linux Enterprise Server for SAP Applications 15 (Operating systems & Components / Operating system)
SUSE Linux Enterprise Server 15 (Operating systems & Components / Operating system)
kernel-source-coco (Operating systems & Components / Operating system package or component)
kernel-devel-coco (Operating systems & Components / Operating system package or component)
kernel-coco-debuginfo (Operating systems & Components / Operating system package or component)
kernel-coco-debugsource (Operating systems & Components / Operating system package or component)
reiserfs-kmp-coco (Operating systems & Components / Operating system package or component)
kernel-coco_debug-debugsource (Operating systems & Components / Operating system package or component)
kernel-coco_debug-devel-debuginfo (Operating systems & Components / Operating system package or component)
kernel-coco-devel (Operating systems & Components / Operating system package or component)
kernel-coco-vdso-debuginfo (Operating systems & Components / Operating system package or component)
kernel-coco_debug-debuginfo (Operating systems & Components / Operating system package or component)
kernel-syms-coco (Operating systems & Components / Operating system package or component)
kernel-coco_debug-devel (Operating systems & Components / Operating system package or component)
reiserfs-kmp-coco-debuginfo (Operating systems & Components / Operating system package or component)
kernel-coco_debug (Operating systems & Components / Operating system package or component)
kernel-coco (Operating systems & Components / Operating system package or component)

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 44 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU103660

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52924

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_rbtree_walk() function in net/netfilter/nft_set_rbtree.c, the nft_rhash_walk() function in net/netfilter/nft_set_hash.c, and the nf_tables_dump_setelem() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU103661

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52925

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nft_pipapo_get(), nft_pipapo_activate() and nft_pipapo_remove() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU93430

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26708

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the subflow_simultaneous_connect() function in net/mptcp/protocol.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU91318

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26810

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU94979

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41055

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU96834

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU97191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45009

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU97192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45010

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mptcp_pm_nl_rm_addr_or_subflow(), mptcp_pm_remove_anno_addr(), mptcp_nl_remove_subflow_and_signal_addr(), mptcp_nl_remove_id_zero_address() and mptcp_pm_nl_fullmesh() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, the hci_remote_features_evt() function in net/bluetooth/hci_event.c, and the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU99442

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU99443

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50085

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU99810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50115

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Reachable assertion

EUVDB-ID: #VU100131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50185

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, and within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU101909

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53147

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU102058

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53173

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU102142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53226

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU102070

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53239

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU102236

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56539

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU102075

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56548

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU102127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56568

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the arm_smmu_probe_device() function in drivers/iommu/arm/arm-smmu/arm-smmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper error handling

EUVDB-ID: #VU102205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56579

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vpu_add_func() function in drivers/media/platform/amphion/vpu_v4l2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU102020

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56605

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU102186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56647

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the icmp_route_lookup() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU102266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56720

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sk_msg_shift_left() and BPF_CALL_4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU102935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57889

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ARRAY_SIZE(), mcp_pinconf_get() and mcp_pinconf_set() functions in drivers/pinctrl/pinctrl-mcp23s08.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper error handling

EUVDB-ID: #VU103592

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57948

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU103023

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21636

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the proc_sctp_do_udp_port() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU103024

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21637

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU103025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21638

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the proc_sctp_do_alpha_beta() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU103026

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21639

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the proc_sctp_do_hmac_alg() and proc_sctp_do_rto_min() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU103027

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21640

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the proc_sctp_do_hmac_alg() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU103014

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21647

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cake_ddst(), cake_enqueue() and cake_dequeue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU103582

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21680

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU103749

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21684

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DECLARE_BITMAP(), xgpio_set(), xgpio_set_multiple(), xgpio_dir_in(), xgpio_dir_out(), xgpio_irq_mask(), xgpio_irq_unmask(), xgpio_irqhandler() and xgpio_probe() functions in drivers/gpio/gpio-xilinx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Incorrect calculation

EUVDB-ID: #VU103753

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21687

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU103744

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21688

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU103742

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21689

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Resource management error

EUVDB-ID: #VU103751

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21690

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dev_warn() and storvsc_on_io_completion() functions in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU103743

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21692

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU103920

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21697

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Resource management error

EUVDB-ID: #VU103923

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21699

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU103959

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21700

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Confidential Computing Module: 15-SP6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-source-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-devel-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-debugsource: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debugsource: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-devel: before 6.4.0-15061.18.coco15sp6.1

kernel-coco-vdso-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-syms-coco: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug-devel: before 6.4.0-15061.18.coco15sp6.1

reiserfs-kmp-coco-debuginfo: before 6.4.0-15061.18.coco15sp6.1

kernel-coco_debug: before 6.4.0-15061.18.coco15sp6.1

kernel-coco: before 6.4.0-15061.18.coco15sp6.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


