Risk | High |
Patch available | YES |
Number of vulnerabilities | 146 |
CVE-ID | CVE-2020-10135 CVE-2021-43389 CVE-2021-4439 CVE-2021-47103 CVE-2021-47191 CVE-2021-47193 CVE-2021-47267 CVE-2021-47270 CVE-2021-47293 CVE-2021-47294 CVE-2021-47297 CVE-2021-47309 CVE-2021-47328 CVE-2021-47354 CVE-2021-47372 CVE-2021-47379 CVE-2021-47407 CVE-2021-47418 CVE-2021-47434 CVE-2021-47445 CVE-2021-47518 CVE-2021-47544 CVE-2021-47566 CVE-2021-47571 CVE-2021-47576 CVE-2021-47587 CVE-2021-47589 CVE-2021-47600 CVE-2021-47602 CVE-2021-47603 CVE-2021-47609 CVE-2021-47617 CVE-2022-0435 CVE-2022-22942 CVE-2022-48711 CVE-2022-48715 CVE-2022-48722 CVE-2022-48732 CVE-2022-48733 CVE-2022-48740 CVE-2022-48743 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48771 CVE-2022-48772 CVE-2023-24023 CVE-2023-52622 CVE-2023-52675 CVE-2023-52737 CVE-2023-52752 CVE-2023-52754 CVE-2023-52757 CVE-2023-52762 CVE-2023-52764 CVE-2023-52784 CVE-2023-52808 CVE-2023-52809 CVE-2023-52832 CVE-2023-52834 CVE-2023-52835 CVE-2023-52843 CVE-2023-52845 CVE-2023-52855 CVE-2023-52881 CVE-2024-26633 CVE-2024-26641 CVE-2024-26679 CVE-2024-26687 CVE-2024-26720 CVE-2024-26813 CVE-2024-26845 CVE-2024-26863 CVE-2024-26894 CVE-2024-26923 CVE-2024-26928 CVE-2024-26973 CVE-2024-27399 CVE-2024-27410 CVE-2024-35247 CVE-2024-35807 CVE-2024-35822 CVE-2024-35835 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35867 CVE-2024-35868 CVE-2024-35870 CVE-2024-35886 CVE-2024-35896 CVE-2024-35922 CVE-2024-35925 CVE-2024-35930 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35962 CVE-2024-35976 CVE-2024-35979 CVE-2024-35997 CVE-2024-35998 CVE-2024-36016 CVE-2024-36017 CVE-2024-36025 CVE-2024-36479 CVE-2024-36880 CVE-2024-36894 CVE-2024-36915 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36934 CVE-2024-36938 CVE-2024-36940 CVE-2024-36949 CVE-2024-36950 CVE-2024-36960 CVE-2024-36964 CVE-2024-37021 CVE-2024-37354 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38549 CVE-2024-38552 CVE-2024-38553 
CVE-2024-38565 CVE-2024-38567 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38597 CVE-2024-38601 CVE-2024-38608 CVE-2024-38618 CVE-2024-38621 CVE-2024-38627 CVE-2024-38659 CVE-2024-38661 CVE-2024-38780 |
CWE-ID | CWE-300 CWE-129 CWE-125 CWE-416 CWE-401 CWE-476 CWE-20 CWE-399 CWE-908 CWE-667 CWE-119 CWE-835 CWE-121 CWE-264 CWE-193 CWE-191 CWE-362 CWE-347 CWE-388 CWE-190 CWE-451 CWE-824 CWE-369 CWE-200 CWE-415 CWE-665 CWE-787 CWE-269 |
Exploitation vector | Network |
Public exploit |
Vulnerability #34 is being exploited in the wild. Public exploit code for vulnerability #50 is available. |
Vulnerable software |
SUSE Linux Enterprise Server for SAP Applications 12 (Operating systems & Components / Operating system)
SUSE Linux Enterprise Server 12 (Operating systems & Components / Operating system)
SUSE Linux Enterprise High Performance Computing 12 (Operating systems & Components / Operating system)
kernel-source-azure (Operating systems & Components / Operating system package or component)
kernel-devel-azure (Operating systems & Components / Operating system package or component)
kernel-azure-debugsource (Operating systems & Components / Operating system package or component)
kernel-syms-azure (Operating systems & Components / Operating system package or component)
kernel-azure-base-debuginfo (Operating systems & Components / Operating system package or component)
kernel-azure-devel (Operating systems & Components / Operating system package or component)
kernel-azure-debuginfo (Operating systems & Components / Operating system package or component)
kernel-azure-base (Operating systems & Components / Operating system package or component)
kernel-azure (Operating systems & Components / Operating system package or component) |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 146 vulnerabilities.
EUVDB-ID: #VU28001
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-10135
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a Man-in-the-Middle (MitM) attack.
The vulnerability exists in the implementation of Bluetooth v5.0, v4.2, v4.1, v4.0 on devices manufactured by multiple vendors. A remote attacker with physical proximity to the victim can successfully perform a MitM attack even against previously paired devices and gain access to sensitive information.
Below is the list of chips and devices, confirmed to be vulnerable:
Chip | Device |
Bluetooth v5.0 | |
Apple 339S00397 | iPhone 8 |
CYW20819 | CYW920819EVB-02 |
Intel 9560 | ThinkPad L390 |
Snapdragon 630 | Nokia 7 |
Snapdragon 636 | Nokia X6 |
Snapdragon 835 | Pixel 2 |
Snapdragon 845 | Pixel 3, OnePlus 6 |
Bluetooth v4.2 | |
Apple 339S00056 | MacBookPro 2017 |
Apple 339S00199 | iPhone 7plus |
Apple 339S00448 | iPad 2018 |
CSR 11393 | Sennheiser PXC 550 |
Exynos 7570 | Galaxy J3 2017 |
Intel 7265 | ThinkPad X1 3rd |
Intel 8260 | HP ProBook 430 G3 |
Bluetooth v4.1 | |
CYW4334 | iPhone 5s |
CYW4339 | Nexus 5, iPhone 6 |
CYW43438 | RPi 3B+ |
Snapdragon 210 | LG K4 |
Snapdragon 410 | Motorola G3, Galaxy J5 |
Bluetooth <= v4.0 | |
BCM20730 | ThinkPad 41U5008 |
BCM4329B1 | iPad MC349LL |
CSR 6530 | PLT BB903+ |
CSR 8648 | Philips SHB7250 |
Exynos 3470 | Galaxy S5 mini |
Exynos 3475 | Galaxy J3 2016 |
Intel 1280 | Lenovo U430 |
Intel 6205 | ThinkPad X230 |
Snapdragon 200 | Lumia 530 |
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63385
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43389
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to improper validation of an array index in the ISDN CAPI implementation within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92900
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4439
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90232
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-47103
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the inet6_sk_rx_dst_set(), tcp_v6_do_rcv() and tcp_v6_early_demux() functions in net/ipv6/tcp_ipv6.c, within the udp_sk_rx_dst_set(), __udp4_lib_rcv() and udp_v4_early_demux() functions in net/ipv4/udp.c, within the tcp_v4_do_rcv(), tcp_v4_early_demux(), tcp_prequeue() and inet_sk_rx_dst_set() functions in net/ipv4/tcp_ipv4.c, within the tcp_rcv_established() function in net/ipv4/tcp_input.c, within the tcp_disconnect() function in net/ipv4/tcp.c, and within the inet_sock_destruct() function in net/ipv4/af_inet.c. A local user can send specially crafted packets to the system, trigger a use-after-free error and potentially execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90325
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47191
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47193
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the pm8001_init_ccb_tag(), pm8001_pci_remove() and remove() functions in drivers/scsi/pm8001/pm8001_init.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90474
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47267
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the usb_assign_descriptors() function in drivers/usb/gadget/config.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90484
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the tcm_bind() function in drivers/usb/gadget/function/f_tcm.c, within the geth_bind() function in drivers/usb/gadget/function/f_subset.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_sourcesink.c, within the gser_bind() function in drivers/usb/gadget/function/f_serial.c, within the rndis_bind() function in drivers/usb/gadget/function/f_rndis.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_printer.c, within the usb_assign_descriptors() function in drivers/usb/gadget/function/f_loopback.c, within the eem_bind() function in drivers/usb/gadget/function/f_eem.c, and within the ecm_bind() function in drivers/usb/gadget/function/f_ecm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94124
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47293
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tcf_skbmod_act() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47294
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the nr_heartbeat_expiry(), nr_t2timer_expiry(), nr_t4timer_expiry(), nr_idletimer_expiry() and nr_t1timer_expiry() functions in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90870
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47297
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the caif_seqpkt_sendmsg() function in net/caif/caif_socket.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90299
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47309
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error in include/net/dst_metadata.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91060
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47328
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iscsi_prep_bidi_ahs(), iscsi_check_tmf_restrictions(), iscsi_data_in_rsp(), EXPORT_SYMBOL_GPL(), iscsi_exec_task_mgmt_fn(), iscsi_eh_abort(), iscsi_eh_device_reset(), iscsi_session_recovery_timedout(), iscsi_conn_failure(), iscsi_eh_target_reset(), iscsi_session_setup(), iscsi_conn_setup(), iscsi_conn_teardown(), iscsi_conn_start() and iscsi_start_session_recovery() functions in drivers/scsi/libiscsi.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93454
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47354
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_sched_entity_kill_jobs_cb() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90136
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47372
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the macb_remove() function in drivers/net/ethernet/cadence/macb_pci.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90139
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47379
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the spin_lock_irq() and blkcg_deactivate_policy() functions in block/blk-cgroup.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47407
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the kvm_arch_free_vm() and kvm_arch_init_vm() functions in arch/x86/kvm/x86.c, and within the kvm_page_track_cleanup() function in arch/x86/kvm/mmu/page_track.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90505
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47418
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fifo_set_limit() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93139
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47434
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90407
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47445
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the msm_edp_ctrl_power() and msm_edp_ctrl_init() functions in drivers/gpu/drm/msm/edp/edp_ctrl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90531
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47518
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nfc_genl_dump_ses_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93138
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within include/net/sock.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93289
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47566
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the read_from_oldmem() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91051
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47571
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the _rtl92e_pci_disconnect() function in drivers/staging/rtl8192e/rtl8192e/rtl_core.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92299
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47576
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92353
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tdma_port_write_desc_addr() and bcm_sysport_open() functions in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92300
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47589
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92303
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47600
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92372
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47602
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92355
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47603
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kauditd_send_queue() and audit_net_init() functions in kernel/audit.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93303
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47609
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92929
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47617
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61216
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0435
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system but requires that the TIPC bearer is set up.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61217
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-22942
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error in the vmwgfx driver in the Linux kernel. A local unprivileged user can gain access to files opened by other processes on the system through a dangling 'file' pointer.
Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU92925
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48711
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tipc_mon_rcv() function in net/tipc/monitor.c and within the tipc_link_proto_rcv() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93180
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48715
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92892
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48722
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48732
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the nvbios_addr() function in drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92895
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48733
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_wait_delalloc_flush() and btrfs_commit_transaction() functions in fs/btrfs/transaction.c, within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92909
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48740
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the cond_list_destroy() and cond_read_list() functions in security/selinux/ss/conditional.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92928
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48743
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92898
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92915
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48756
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48758
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92931
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48759
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92976
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48760
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c, within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92979
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48761
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the xhci_plat_suspend() function in drivers/usb/host/xhci-plat.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92899
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48771
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93327
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU83116
Risk: Medium
CVSSv4.0: 6.7 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-24023
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper verification of a cryptographic signature in the Bluetooth implementation. A remote attacker with physical proximity to the system can perform a MitM attack and potentially compromise the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU93471
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90547
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52675
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90740
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52737
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the extent_fiemap() and unlock_extent() functions in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90068
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90854
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the imon_probe() function in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90069
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52757
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_mid() function in fs/smb/client/transport.c, within the __smb2_handle_cancelled_cmd() function in fs/smb/client/smb2misc.c, within the cifs_compose_mount_options(), __release_mid() and cifs_get_tcon_super() functions in fs/smb/client/cifsproto.h. A local user can escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93622
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52762
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52764
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the set_flicker() function in drivers/media/usb/gspca/cpia1.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93650
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90420
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52808
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the debugfs_bist_init_v3_hw() and debugfs_init_v3_hw() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90419
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fc_lport_ptp_setup() function in drivers/scsi/libfc/fc_lport.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91425
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52832
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93304
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52834
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the atl1c_set_mac_addr(), atl1c_init_ring_ptrs(), atl1c_free_ring_resources(), atl1c_rx_checksum() and atl1c_alloc_rx_buffer() functions in drivers/net/ethernet/atheros/atl1c/atl1c_main.c. A local user can escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52835
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90868
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52843
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, and within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90867
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52845
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90435
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89895
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52881
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in the system accepting ACK responses for bytes that were never sent. A remote attacker can perform a spoofing attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89267
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26633
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89396
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92044
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92043
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26687
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91379
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26720
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90588
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26813
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93388
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26845
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, and within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90877
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26863
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90002
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26894
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92035
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26923
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c: the garbage collector does not take into account the risk of an embryo getting enqueued during garbage collection. A local user can execute arbitrary code with elevated privileges.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90192
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26928
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_debug_files_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91360
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26973
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89673
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93870
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27410
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nl80211_set_interface() function in net/wireless/nl80211.c. A local user can manipulate the interface mesh ID and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93122
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35247
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35807
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93464
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35822
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90923
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35835
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90152
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35862
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_network_name_deleted() function in fs/smb/client/smb2ops.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90151
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-35863
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the is_valid_oplock_break() function in fs/smb/client/misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90149
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-35864
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90148
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35865
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_valid_oplock_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90154
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35867
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_stats_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90155
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35868
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_stats_proc_write() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90158
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35870
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_mark_tcp_ses_conns_for_reconnect() and cifs_find_smb_ses() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91413
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35886
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90309
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35896
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, and within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91372
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35922
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91373
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35925
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89976
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35930
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92212
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91343
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35956
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description:
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, within the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, and within the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93255
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93351
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35960
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93176
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35962
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, and within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90305
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35976
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90144
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_write_request() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91412
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35997
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90749
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35998
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cifs_sync_mid_result() function in fs/smb/client/transport.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89898
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36025
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the qla_edif_app_getstats() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93123
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36479
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the fpga_bridge_disable(), of_fpga_bridge_get(), fpga_bridge_dev_match(), fpga_bridge_get(), fpga_bridge_put(), ATTRIBUTE_GROUPS(), fpga_bridge_register() and ERR_PTR() functions in drivers/fpga/fpga-bridge.c, within the fpga_bridge_register() function in Documentation/driver-api/fpga/fpga-bridge.rst. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90850
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90735
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36894
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90268
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36915
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92094
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36917
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90864
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36923
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description:
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the v9fs_evict_inode() function in fs/9p/vfs_inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation:
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36934
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90383
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90885
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93436
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92055
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36950
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90819
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36960
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93734
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
Description: The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93124
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37021
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ATTRIBUTE_GROUPS(), fpga_mgr_dev_match(), EXPORT_SYMBOL_GPL(), fpga_mgr_unlock(), fpga_mgr_register_full(), ERR_PTR(), fpga_mgr_register(), devm_fpga_mgr_unregister(), devm_fpga_mgr_register_full() and devm_fpga_mgr_register() functions in drivers/fpga/fpga-mgr.c, and within the fpga_mgr_register() and fpga_mgr_register_full() functions in Documentation/driver-api/fpga/fpga-mgr.rst. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93373
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37354
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93344
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92306
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38545
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92351
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38546
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93390
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92330
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38552
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92369
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38553
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93836
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92370
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92322
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38578
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92953
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92367
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38580
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ep_eventpoll_poll() function in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92361
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions:
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93063
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38601
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92341
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38608
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92371
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93040
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38627
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93333
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38661
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93034
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.191.1
kernel-devel-azure: before 4.12.14-16.191.1
kernel-azure-debugsource: before 4.12.14-16.191.1
kernel-syms-azure: before 4.12.14-16.191.1
kernel-azure-base-debuginfo: before 4.12.14-16.191.1
kernel-azure-devel: before 4.12.14-16.191.1
kernel-azure-debuginfo: before 4.12.14-16.191.1
kernel-azure-base: before 4.12.14-16.191.1
kernel-azure: before 4.12.14-16.191.1
CPE2.3
https://www.suse.com/support/update/announcement/2024/suse-su-20242360-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.