Risk | Low |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2017-5753 CVE-2022-4744 CVE-2023-0394 CVE-2023-1281 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1838 CVE-2023-23001 CVE-2023-28327 CVE-2023-28464 CVE-2023-28466 |
CWE-ID | CWE-200 CWE-415 CWE-476 CWE-416 CWE-665 CWE-362 CWE-1342 CWE-466 |
Exploitation vector | Local |
Public exploit | Vulnerability #1 is being exploited in the wild. |
Vulnerable software |
SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Real Time Module Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system openSUSE Leap Micro Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_14_21-150400_15_23-rt Operating systems & Components / Operating system package or component kernel-rt_debug Operating systems & Components / Operating system package or component kernel-source-rt Operating systems & Components / Operating system package or component kernel-devel-rt Operating systems & Components / Operating system package or component kernel-rt_debug-devel Operating systems & Components / Operating system package or component kernel-rt-devel-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-rt Operating systems & Components / Operating system package or component kernel-rt_debug-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-debugsource Operating systems & Components / Operating system package or component gfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-syms-rt Operating systems & Components / Operating system package or component dlm-kmp-rt Operating systems & Components / Operating system package or component ocfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-rt Operating systems & Components / Operating system package or component cluster-md-kmp-rt Operating systems & Components / Operating system package or component kernel-rt-devel Operating systems & Components / Operating system package or component dlm-kmp-rt-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU9884
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]
CVE-ID: CVE-2017-5753
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU74053
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4744
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71352
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0394
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74122
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1281
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74630
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1513
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74629
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1582
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75204
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1611
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74771
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1637
CWE-ID:
CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74770
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1652
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75205
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1838
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74129
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23001
CWE-ID:
CWE-466 - Return of pointer value outside of expected range
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exist due to the regulator_get() function in drivers/scsi/ufs/ufs-mediatek.c misinterprets the return value. A local user can perform a denial of service (DoS) attack. MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74772
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28327
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74147
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28464
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hci_conn_cleanup() function in net/bluetooth/hci_conn.c in Linux kernel. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74628
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28466
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Real Time Module: 15-SP4
SUSE Linux Enterprise Micro: 5.3 - 5.4
SUSE Linux Enterprise Live Patching: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise Real Time 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
openSUSE Leap Micro: 5.3
openSUSE Leap: 15.4
kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo: before 1-150400.1.3.3
kernel-livepatch-5_14_21-150400_15_23-rt: before 1-150400.1.3.3
kernel-rt_debug: before 5.14.21-150400.15.23.1
kernel-source-rt: before 5.14.21-150400.15.23.1
kernel-devel-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel: before 5.14.21-150400.15.23.1
kernel-rt-devel-debuginfo: before 5.14.21-150400.15.23.1
gfs2-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt_debug-devel-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debugsource: before 5.14.21-150400.15.23.1
gfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-syms-rt: before 5.14.21-150400.15.23.1
dlm-kmp-rt: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
ocfs2-kmp-rt: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt: before 5.14.21-150400.15.23.1
kernel-rt-devel: before 5.14.21-150400.15.23.1
dlm-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
cluster-md-kmp-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt_debug-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debuginfo: before 5.14.21-150400.15.23.1
kernel-rt-debugsource: before 5.14.21-150400.15.23.1
kernel-rt: before 5.14.21-150400.15.23.1
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231992-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.