Risk | Low |
Patch available | YES |
Number of vulnerabilities | 90 |
CVE-ID | CVE-2021-4442 CVE-2021-47387 CVE-2021-47408 CVE-2021-47620 CVE-2021-47622 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48799 CVE-2022-48844 CVE-2022-48911 CVE-2022-48943 CVE-2022-48945 CVE-2023-52766 CVE-2023-52915 CVE-2024-27024 CVE-2024-38381 CVE-2024-38596 CVE-2024-38632 CVE-2024-40973 CVE-2024-41000 CVE-2024-41073 CVE-2024-41079 CVE-2024-41082 CVE-2024-42154 CVE-2024-42265 CVE-2024-42305 CVE-2024-42306 CVE-2024-43884 CVE-2024-43890 CVE-2024-43898 CVE-2024-43904 CVE-2024-43912 CVE-2024-43914 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44950 CVE-2024-44952 CVE-2024-44954 CVE-2024-44969 CVE-2024-44972 CVE-2024-44982 CVE-2024-44987 CVE-2024-44998 CVE-2024-44999 CVE-2024-45008 CVE-2024-46673 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46702 CVE-2024-46707 CVE-2024-46714 CVE-2024-46715 CVE-2024-46717 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46727 CVE-2024-46731 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46750 CVE-2024-46753 CVE-2024-46759 CVE-2024-46761 CVE-2024-46770 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46778 CVE-2024-46783 CVE-2024-46784 CVE-2024-46787 CVE-2024-46822 CVE-2024-46853 CVE-2024-46854 CVE-2024-46859 |
CWE-ID | CWE-399 CWE-667 CWE-125 CWE-416 CWE-119 CWE-401 CWE-476 CWE-908 CWE-366 CWE-190 CWE-415 CWE-20 CWE-369 CWE-388 CWE-191 |
Exploitation vector | Local |
Public exploit |
Public exploit code for vulnerability #36 is available. Public exploit code for vulnerability #37 is available. |
Vulnerable software |
SUSE Linux Enterprise Real Time 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system kernel-rt Operating systems & Components / Operating system package or component kernel-rt_debug Operating systems & Components / Operating system package or component kernel-devel-rt Operating systems & Components / Operating system package or component kernel-source-rt Operating systems & Components / Operating system package or component ocfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-base-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-base Operating systems & Components / Operating system package or component kernel-rt-devel-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-rt Operating systems & Components / Operating system package or component gfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-rt Operating systems & Components / Operating system package or component kernel-rt-devel Operating systems & Components / Operating system package or component kernel-rt_debug-debugsource Operating systems & Components / Operating system package or component cluster-md-kmp-rt Operating systems & Components / Operating system package or component kernel-syms-rt Operating systems & Components / Operating system package or component kernel-rt_debug-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component cluster-md-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-devel Operating systems & Components / Operating system package or component ocfs2-kmp-rt Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 90 vulnerabilities.
EUVDB-ID: #VU96620
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4442
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_tcp_setsockopt() function in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47387
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sugov_tunables_free(), sugov_tunables_alloc(), sugov_init() and sugov_exit() functions in kernel/sched/cpufreq_schedutil.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91511
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47408
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), get_next_corpse(), nf_ct_iterate_cleanup() and nf_conntrack_hash_resize() functions in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92905
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47620
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_le_adv_report_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94457
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47622
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL(), ufshcd_hba_capabilities(), ufshcd_wait_for_dev_cmd(), ufshcd_exec_dev_cmd(), ufshcd_issue_devman_upiu_cmd() and ufshcd_init() functions in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94424
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48788
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94423
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_error_recovery_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94422
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48790
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_async_event_work() function in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94421
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94478
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48799
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() and perf_cgroup_switch() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94400
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48844
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_release_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96410
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48911
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_queue_entry_dup() function in net/netfilter/nfnetlink_queue.c, within the nf_queue_entry_release_refs(), nf_queue_entry_get_refs() and __nf_queue() functions in net/netfilter/nf_queue.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96433
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shadow_page_table_clear_flood() function in arch/x86/kvm/mmu/mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97681
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48945
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vivid_vid_cap_s_selection() function in drivers/media/platform/vivid/vivid-vid-cap.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91086
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52766
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96934
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52915
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the af9035_i2c_master_xfer() function in drivers/media/usb/dvb-usb-v2/af9035.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27024
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93042
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38381
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92380
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38596
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93020
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94241
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40973
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94295
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41000
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the blkpg_do_ioctl() function in block/ioctl.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95011
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41073
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94930
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41079
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_execute_admin_connect() and nvmet_execute_io_connect() functions in drivers/nvme/target/fabrics-cmd.c, within the pr_debug() and nvmet_execute_auth_receive() functions in drivers/nvme/target/fabrics-cmd-auth.c, within the nvmet_req_init() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41082
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42305
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96184
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42306
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96538
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43884
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96544
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96533
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_da_do_write_end() function in fs/ext4/inode.c, within the __block_commit_write() function in fs/buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_apply_idle_power_optimizations() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96548
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43912
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __nl80211_set_channel() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96542
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43914
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96658
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU96711
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU96889
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96875
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44950
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sc16is7xx_set_baud() function in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44952
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96859
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44954
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96885
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44969
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96833
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44972
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the extent_write_locked_range() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44982
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpu_plane_prepare_fb() function in drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96839
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44987
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96842
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96870
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44999
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96883
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45008
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97251
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97287
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46676
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46677
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97259
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46685
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97260
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_new_read_req() function in fs/smb/client/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97264
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46702
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tb_switch_remove() function in drivers/thunderbolt/switch.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the access_gic_sgi() function in arch/arm64/kvm/sys_regs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97548
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46714
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97531
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46715
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL(), iio_channel_read() and iio_channel_read_avail() functions in drivers/iio/inkern.c, within the iio_ev_state_store(), iio_ev_state_show() and iio_ev_value_show() functions in drivers/iio/industrialio-event.c, within the iio_read_channel_info() and iio_read_channel_info_avail() functions in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97571
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46717
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_handle_rx_cqe_mpwrq_shampo() function in drivers/net/ethernet/mellanox/mlx5/core/en_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97533
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46720
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97532
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46721
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46722
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97509
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97549
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46727
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the resource_log_pipe_topology_update() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46731
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the atomctrl_retrieve_ac_timing() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46737
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97491
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46738
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46739
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97503
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46744
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97493
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46745
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97494
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46746
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdtp_hid_remove() function in drivers/hid/amd-sfh-hid/amd_sfh_hid.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97504
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46747
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97539
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46750
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97544
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46753
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_up_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97554
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46759
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97513
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46761
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97520
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46770
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97567
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46772
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dcn315_populate_dml_pipes_from_context() function in drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97565
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46773
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dm_update_mst_vcpi_slots_for_dsc() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97563
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46774
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYSCALL_DEFINE1() function in arch/powerpc/kernel/rtas.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97519
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46778
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the CalculateSwathAndDETConfiguration() function in drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97546
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46783
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97547
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mana_destroy_txq(), mana_create_txq() and mana_destroy_rxq() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46787
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97798
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46822
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97782
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97776
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97791
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46859
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.203.1
kernel-rt_debug: before 4.12.14-10.203.1
kernel-devel-rt: before 4.12.14-10.203.1
kernel-source-rt: before 4.12.14-10.203.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base-debuginfo: before 4.12.14-10.203.1
kernel-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt-base: before 4.12.14-10.203.1
kernel-rt-devel-debuginfo: before 4.12.14-10.203.1
gfs2-kmp-rt: before 4.12.14-10.203.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.203.1
dlm-kmp-rt: before 4.12.14-10.203.1
kernel-rt-devel: before 4.12.14-10.203.1
kernel-rt_debug-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt: before 4.12.14-10.203.1
kernel-syms-rt: before 4.12.14-10.203.1
kernel-rt_debug-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.203.1
kernel-rt-debugsource: before 4.12.14-10.203.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.203.1
kernel-rt_debug-devel: before 4.12.14-10.203.1
ocfs2-kmp-rt: before 4.12.14-10.203.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20243566-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.