SUSE update for the Linux Kernel

Published: 2024-09-27

Risk	Low
Patch available	YES
Number of vulnerabilities	8
CVE-ID	CVE-2022-20368 CVE-2022-48791 CVE-2022-48839 CVE-2022-48919 CVE-2024-42232 CVE-2024-43882 CVE-2024-43883 CVE-2024-44947
CWE-ID	CWE-125 CWE-416 CWE-401 CWE-667 CWE-20
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #8 is available.
Vulnerable software	SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE Operating systems & Components / Operating system SUSE Linux Enterprise Server 11 Operating systems & Components / Operating system kernel-xen-base Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component kernel-trace-devel Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-ec2-devel Operating systems & Components / Operating system package or component kernel-xen-devel Operating systems & Components / Operating system package or component kernel-ec2-base Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-trace-base Operating systems & Components / Operating system package or component kernel-ec2 Operating systems & Components / Operating system package or component kernel-trace Operating systems & Components / Operating system package or component kernel-xen Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU67473

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20368

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4

SUSE Linux Enterprise Server 11: SP4

kernel-xen-base: before 3.0.101-108.162.1

kernel-default-devel: before 3.0.101-108.162.1

kernel-default-base: before 3.0.101-108.162.1

kernel-trace-devel: before 3.0.101-108.162.1

kernel-syms: before 3.0.101-108.162.1

kernel-ec2-devel: before 3.0.101-108.162.1

kernel-xen-devel: before 3.0.101-108.162.1

kernel-ec2-base: before 3.0.101-108.162.1

kernel-source: before 3.0.101-108.162.1

kernel-trace-base: before 3.0.101-108.162.1

kernel-ec2: before 3.0.101-108.162.1

kernel-trace: before 3.0.101-108.162.1

kernel-xen: before 3.0.101-108.162.1

kernel-default: before 3.0.101-108.162.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU94421

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48791

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4

SUSE Linux Enterprise Server 11: SP4

kernel-xen-base: before 3.0.101-108.162.1

kernel-default-devel: before 3.0.101-108.162.1

kernel-default-base: before 3.0.101-108.162.1

kernel-trace-devel: before 3.0.101-108.162.1

kernel-syms: before 3.0.101-108.162.1

kernel-ec2-devel: before 3.0.101-108.162.1

kernel-xen-devel: before 3.0.101-108.162.1

kernel-ec2-base: before 3.0.101-108.162.1

kernel-source: before 3.0.101-108.162.1

kernel-trace-base: before 3.0.101-108.162.1

kernel-ec2: before 3.0.101-108.162.1

kernel-trace: before 3.0.101-108.162.1

kernel-xen: before 3.0.101-108.162.1

kernel-default: before 3.0.101-108.162.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU94392

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48839

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4

SUSE Linux Enterprise Server 11: SP4

kernel-xen-base: before 3.0.101-108.162.1

kernel-default-devel: before 3.0.101-108.162.1

kernel-default-base: before 3.0.101-108.162.1

kernel-trace-devel: before 3.0.101-108.162.1

kernel-syms: before 3.0.101-108.162.1

kernel-ec2-devel: before 3.0.101-108.162.1

kernel-xen-devel: before 3.0.101-108.162.1

kernel-ec2-base: before 3.0.101-108.162.1

kernel-source: before 3.0.101-108.162.1

kernel-trace-base: before 3.0.101-108.162.1

kernel-ec2: before 3.0.101-108.162.1

kernel-trace: before 3.0.101-108.162.1

kernel-xen: before 3.0.101-108.162.1

kernel-default: before 3.0.101-108.162.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU96413

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cifs_do_mount() function in fs/cifs/cifsfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4

SUSE Linux Enterprise Server 11: SP4

kernel-xen-base: before 3.0.101-108.162.1

kernel-default-devel: before 3.0.101-108.162.1

kernel-default-base: before 3.0.101-108.162.1

kernel-trace-devel: before 3.0.101-108.162.1

kernel-syms: before 3.0.101-108.162.1

kernel-ec2-devel: before 3.0.101-108.162.1

kernel-xen-devel: before 3.0.101-108.162.1

kernel-ec2-base: before 3.0.101-108.162.1

kernel-source: before 3.0.101-108.162.1

kernel-trace-base: before 3.0.101-108.162.1

kernel-ec2: before 3.0.101-108.162.1

kernel-trace: before 3.0.101-108.162.1

kernel-xen: before 3.0.101-108.162.1

kernel-default: before 3.0.101-108.162.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU95503

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4

SUSE Linux Enterprise Server 11: SP4

kernel-xen-base: before 3.0.101-108.162.1

kernel-default-devel: before 3.0.101-108.162.1

kernel-default-base: before 3.0.101-108.162.1

kernel-trace-devel: before 3.0.101-108.162.1

kernel-syms: before 3.0.101-108.162.1

kernel-ec2-devel: before 3.0.101-108.162.1

kernel-xen-devel: before 3.0.101-108.162.1

kernel-ec2-base: before 3.0.101-108.162.1

kernel-source: before 3.0.101-108.162.1

kernel-trace-base: before 3.0.101-108.162.1

kernel-ec2: before 3.0.101-108.162.1

kernel-trace: before 3.0.101-108.162.1

kernel-xen: before 3.0.101-108.162.1

kernel-default: before 3.0.101-108.162.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU96295

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43882

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4

SUSE Linux Enterprise Server 11: SP4

kernel-xen-base: before 3.0.101-108.162.1

kernel-default-devel: before 3.0.101-108.162.1

kernel-default-base: before 3.0.101-108.162.1

kernel-trace-devel: before 3.0.101-108.162.1

kernel-syms: before 3.0.101-108.162.1

kernel-ec2-devel: before 3.0.101-108.162.1

kernel-xen-devel: before 3.0.101-108.162.1

kernel-ec2-base: before 3.0.101-108.162.1

kernel-source: before 3.0.101-108.162.1

kernel-trace-base: before 3.0.101-108.162.1

kernel-ec2: before 3.0.101-108.162.1

kernel-trace: before 3.0.101-108.162.1

kernel-xen: before 3.0.101-108.162.1

kernel-default: before 3.0.101-108.162.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU96493

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4

SUSE Linux Enterprise Server 11: SP4

kernel-xen-base: before 3.0.101-108.162.1

kernel-default-devel: before 3.0.101-108.162.1

kernel-default-base: before 3.0.101-108.162.1

kernel-trace-devel: before 3.0.101-108.162.1

kernel-syms: before 3.0.101-108.162.1

kernel-ec2-devel: before 3.0.101-108.162.1

kernel-xen-devel: before 3.0.101-108.162.1

kernel-ec2-base: before 3.0.101-108.162.1

kernel-source: before 3.0.101-108.162.1

kernel-trace-base: before 3.0.101-108.162.1

kernel-ec2: before 3.0.101-108.162.1

kernel-trace: before 3.0.101-108.162.1

kernel-xen: before 3.0.101-108.162.1

kernel-default: before 3.0.101-108.162.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU96711

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44947

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4

SUSE Linux Enterprise Server 11: SP4

kernel-xen-base: before 3.0.101-108.162.1

kernel-default-devel: before 3.0.101-108.162.1

kernel-default-base: before 3.0.101-108.162.1

kernel-trace-devel: before 3.0.101-108.162.1

kernel-syms: before 3.0.101-108.162.1

kernel-ec2-devel: before 3.0.101-108.162.1

kernel-xen-devel: before 3.0.101-108.162.1

kernel-ec2-base: before 3.0.101-108.162.1

kernel-source: before 3.0.101-108.162.1

kernel-trace-base: before 3.0.101-108.162.1

kernel-ec2: before 3.0.101-108.162.1

kernel-trace: before 3.0.101-108.162.1

kernel-xen: before 3.0.101-108.162.1

kernel-default: before 3.0.101-108.162.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2024/suse-su-20243467-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.