Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 31 |
CVE-ID | CVE-2022-0854 CVE-2022-20368 CVE-2022-28748 CVE-2022-2964 CVE-2022-48686 CVE-2022-48791 CVE-2022-48802 CVE-2022-48805 CVE-2022-48839 CVE-2022-48853 CVE-2022-48872 CVE-2022-48873 CVE-2022-48901 CVE-2022-48912 CVE-2022-48919 CVE-2022-48925 CVE-2023-1582 CVE-2023-2176 CVE-2023-52854 CVE-2024-26583 CVE-2024-26584 CVE-2024-26800 CVE-2024-41011 CVE-2024-41062 CVE-2024-42077 CVE-2024-42232 CVE-2024-42271 CVE-2024-43861 CVE-2024-43882 CVE-2024-43883 CVE-2024-44947 |
CWE-ID | CWE-401 CWE-125 CWE-787 CWE-416 CWE-388 CWE-667 CWE-362 CWE-20 CWE-476 CWE-399 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #31 is available. |
Vulnerable software |
SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 Business Critical Linux Operating systems & Components / Operating system SUSE Linux Enterprise High Availability Extension 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system reiserfs-kmp-default Operating systems & Components / Operating system package or component reiserfs-kmp-default-debuginfo Operating systems & Components / Operating system package or component kernel-docs Operating systems & Components / Operating system package or component kernel-macros Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-obs-build-debugsource Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-obs-build Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-preempt-devel Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component kernel-preempt-debugsource Operating systems & Components / Operating system package or component kernel-preempt-debuginfo Operating systems & Components / Operating system package or component kernel-default-devel-debuginfo Operating systems & Components / Operating system package or component kernel-preempt-devel-debuginfo Operating systems & Components / Operating system package or component kernel-preempt Operating systems & Components / Operating system package or component gfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-default Operating systems & Components / Operating system package or component cluster-md-kmp-default Operating systems & Components / Operating system package or component gfs2-kmp-default Operating systems & Components / Operating system package or component dlm-kmp-default Operating systems & Components / Operating system package or component ocfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-default-debuginfo Operating systems & Components / Operating system package or component kernel-default-livepatch Operating systems & Components / Operating system package or component kernel-default-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_203-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_203-default Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_52-debugsource Operating systems & Components / Operating system package or component kernel-default-debuginfo Operating systems & Components / Operating system package or component kernel-default-livepatch-devel Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 31 vulnerabilities.
EUVDB-ID: #VU63427
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67473
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20368
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63419
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28748
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due memory leak when working with ax88179_178a devices. An attacker with physical access to the system can inject a malicious USB-drive and remotely obtain data from kernel memory.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67811
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2964
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90175
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48686
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94421
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94460
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48802
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the smaps_page_accumulate(), smaps_account(), smaps_pte_entry(), smaps_pmd_entry(), pte_to_pagemap_entry() and pagemap_pmd_range() functions in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94432
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48805
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ax88179_rx_fixup() function in drivers/net/usb/ax88179_178a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94392
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpacket_rcv() and packet_recvmsg() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94397
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the Documentation/DMA-attributes.txt, include/linux/dma-mapping.h, lib/swiotlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96329
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_map_put() function in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96330
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48873
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fastrpc_free_map(), fastrpc_buf_free() and fastrpc_device_release() functions in drivers/misc/fastrpc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96434
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48901
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_maybe_wake_unfinished_drop() and btrfs_add_dead_root() functions in fs/btrfs/transaction.c, within the btrfs_find_orphan_roots() function in fs/btrfs/root-tree.c, within the btrfs_relocate_block_group() function in fs/btrfs/relocation.c, within the btrfs_drop_snapshot() and btrfs_free_path() functions in fs/btrfs/extent-tree.c, within the open_ctree() and close_ctree() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96411
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48912
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_register_net_hook() function in net/netfilter/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96413
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48919
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_do_mount() function in fs/cifs/cifsfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96414
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cma_bind_addr() function in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74629
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1582
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75995
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2176
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90083
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in kernel/padata.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87596
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89001
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90210
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94977
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95068
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42077
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95503
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96105
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96295
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96493
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96711
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default: before 5.3.18-150200.24.203.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-docs: before 5.3.18-150200.24.203.1
kernel-macros: before 5.3.18-150200.24.203.1
kernel-devel: before 5.3.18-150200.24.203.1
kernel-source: before 5.3.18-150200.24.203.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.203.1
kernel-default-devel: before 5.3.18-150200.24.203.1
kernel-obs-build: before 5.3.18-150200.24.203.1
kernel-syms: before 5.3.18-150200.24.203.1
kernel-preempt-devel: before 5.3.18-150200.24.203.1
kernel-default-base: before 5.3.18-150200.24.203.1.150200.9.105.1
kernel-preempt-debugsource: before 5.3.18-150200.24.203.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.203.1
kernel-preempt: before 5.3.18-150200.24.203.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
ocfs2-kmp-default: before 5.3.18-150200.24.203.1
cluster-md-kmp-default: before 5.3.18-150200.24.203.1
gfs2-kmp-default: before 5.3.18-150200.24.203.1
dlm-kmp-default: before 5.3.18-150200.24.203.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch: before 5.3.18-150200.24.203.1
kernel-default-debugsource: before 5.3.18-150200.24.203.1
kernel-livepatch-5_3_18-150200_24_203-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_203-default: before 1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_52-debugsource: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.203.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.203.1
kernel-default: before 5.3.18-150200.24.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243499-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.