SUSE update for the Linux Kernel



Risk Medium
Patch available YES
Number of vulnerabilities 211
CVE-ID CVE-2021-47416
CVE-2021-47534
CVE-2022-3435
CVE-2022-45934
CVE-2022-48664
CVE-2022-48879
CVE-2022-48946
CVE-2022-48947
CVE-2022-48948
CVE-2022-48949
CVE-2022-48951
CVE-2022-48953
CVE-2022-48954
CVE-2022-48955
CVE-2022-48956
CVE-2022-48957
CVE-2022-48958
CVE-2022-48959
CVE-2022-48960
CVE-2022-48961
CVE-2022-48962
CVE-2022-48966
CVE-2022-48967
CVE-2022-48968
CVE-2022-48969
CVE-2022-48970
CVE-2022-48971
CVE-2022-48972
CVE-2022-48973
CVE-2022-48975
CVE-2022-48977
CVE-2022-48978
CVE-2022-48980
CVE-2022-48981
CVE-2022-48985
CVE-2022-48987
CVE-2022-48988
CVE-2022-48991
CVE-2022-48992
CVE-2022-48994
CVE-2022-48995
CVE-2022-48997
CVE-2022-48999
CVE-2022-49000
CVE-2022-49002
CVE-2022-49003
CVE-2022-49005
CVE-2022-49006
CVE-2022-49007
CVE-2022-49010
CVE-2022-49011
CVE-2022-49012
CVE-2022-49014
CVE-2022-49015
CVE-2022-49016
CVE-2022-49017
CVE-2022-49019
CVE-2022-49020
CVE-2022-49021
CVE-2022-49022
CVE-2022-49023
CVE-2022-49024
CVE-2022-49025
CVE-2022-49026
CVE-2022-49027
CVE-2022-49028
CVE-2022-49029
CVE-2022-49031
CVE-2022-49032
CVE-2023-2166
CVE-2023-28327
CVE-2023-52766
CVE-2023-52800
CVE-2023-52881
CVE-2023-52919
CVE-2023-6270
CVE-2024-27043
CVE-2024-36244
CVE-2024-36957
CVE-2024-39476
CVE-2024-40965
CVE-2024-42145
CVE-2024-42226
CVE-2024-42253
CVE-2024-44931
CVE-2024-44947
CVE-2024-44958
CVE-2024-45016
CVE-2024-45025
CVE-2024-46678
CVE-2024-46716
CVE-2024-46719
CVE-2024-46754
CVE-2024-46770
CVE-2024-46775
CVE-2024-46777
CVE-2024-46809
CVE-2024-46811
CVE-2024-46813
CVE-2024-46814
CVE-2024-46815
CVE-2024-46816
CVE-2024-46817
CVE-2024-46818
CVE-2024-46826
CVE-2024-46828
CVE-2024-46834
CVE-2024-46840
CVE-2024-46841
CVE-2024-46848
CVE-2024-46849
CVE-2024-46854
CVE-2024-46855
CVE-2024-46857
CVE-2024-47660
CVE-2024-47661
CVE-2024-47664
CVE-2024-47668
CVE-2024-47672
CVE-2024-47673
CVE-2024-47674
CVE-2024-47684
CVE-2024-47685
CVE-2024-47692
CVE-2024-47704
CVE-2024-47705
CVE-2024-47706
CVE-2024-47707
CVE-2024-47710
CVE-2024-47720
CVE-2024-47727
CVE-2024-47730
CVE-2024-47738
CVE-2024-47739
CVE-2024-47745
CVE-2024-47747
CVE-2024-47748
CVE-2024-49858
CVE-2024-49860
CVE-2024-49866
CVE-2024-49867
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49886
CVE-2024-49890
CVE-2024-49892
CVE-2024-49894
CVE-2024-49895
CVE-2024-49896
CVE-2024-49897
CVE-2024-49899
CVE-2024-49901
CVE-2024-49906
CVE-2024-49908
CVE-2024-49909
CVE-2024-49911
CVE-2024-49912
CVE-2024-49913
CVE-2024-49914
CVE-2024-49917
CVE-2024-49918
CVE-2024-49919
CVE-2024-49920
CVE-2024-49922
CVE-2024-49923
CVE-2024-49929
CVE-2024-49930
CVE-2024-49933
CVE-2024-49936
CVE-2024-49939
CVE-2024-49946
CVE-2024-49949
CVE-2024-49954
CVE-2024-49955
CVE-2024-49958
CVE-2024-49959
CVE-2024-49960
CVE-2024-49962
CVE-2024-49967
CVE-2024-49969
CVE-2024-49973
CVE-2024-49974
CVE-2024-49975
CVE-2024-49982
CVE-2024-49991
CVE-2024-49993
CVE-2024-49995
CVE-2024-49996
CVE-2024-50000
CVE-2024-50001
CVE-2024-50002
CVE-2024-50006
CVE-2024-50014
CVE-2024-50019
CVE-2024-50024
CVE-2024-50028
CVE-2024-50033
CVE-2024-50035
CVE-2024-50041
CVE-2024-50045
CVE-2024-50046
CVE-2024-50047
CVE-2024-50048
CVE-2024-50049
CVE-2024-50055
CVE-2024-50058
CVE-2024-50059
CVE-2024-50061
CVE-2024-50063
CVE-2024-50081
CWE-ID CWE-401
CWE-125
CWE-190
CWE-667
CWE-476
CWE-119
CWE-787
CWE-399
CWE-415
CWE-200
CWE-20
CWE-388
CWE-835
CWE-682
CWE-416
CWE-451
CWE-193
CWE-617
CWE-369
CWE-908
CWE-362
CWE-665
Exploitation vector Network
Public exploit Public exploit code for vulnerability #86 is available.
Vulnerable software
openSUSE Leap Micro
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

SUSE Real Time Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

kernel-rt-livepatch
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kselftests-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-optional-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-extra
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150500_13_76-rt
Operating systems & Components / Operating system package or component

kernel-rt-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-rt-optional
Operating systems & Components / Operating system package or component

kernel-rt_debug-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource
Operating systems & Components / Operating system package or component

kselftests-kmp-rt
Operating systems & Components / Operating system package or component

reiserfs-kmp-rt
Operating systems & Components / Operating system package or component

kernel-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug
Operating systems & Components / Operating system package or component

kernel-devel-rt
Operating systems & Components / Operating system package or component

kernel-source-rt
Operating systems & Components / Operating system package or component

gfs2-kmp-rt
Operating systems & Components / Operating system package or component

kernel-rt-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt_debug-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-devel
Operating systems & Components / Operating system package or component

kernel-rt-debugsource
Operating systems & Components / Operating system package or component

kernel-rt-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms-rt
Operating systems & Components / Operating system package or component

cluster-md-kmp-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-vdso
Operating systems & Components / Operating system package or component

kernel-rt_debug-devel-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-rt
Operating systems & Components / Operating system package or component

dlm-kmp-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug-vdso
Operating systems & Components / Operating system package or component

kernel-rt_debug-devel
Operating systems & Components / Operating system package or component

gfs2-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt_debug-debugsource
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 211 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU89967

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47416

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU91617

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47534

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vc4_atomic_commit_tail() function in drivers/gpu/drm/vc4/vc4_kms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU70499

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3435

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the fib_nh_match() function in net/ipv4/fib_semantics.c IPv4 handler. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU70464

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45934

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the l2cap_config_req() function in net/bluetooth/l2cap_core.c in Linux kernel. A local user can pass specially crafted L2CAP_CONF_REQ packets to the device, trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU92031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48664

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the close_ctree() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU96355

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efisubsys_init() and generic_ops_unregister() functions in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU99094

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU99095

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48947

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the l2cap_config_req() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU99096

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48948

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the uvc_function_ep0_complete() function in drivers/usb/gadget/function/f_uvc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU99153

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48949

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igb_vf_reset_msg() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds write

EUVDB-ID: #VU99179

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48951

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU99139

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48953

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cmos_check_acpi_rtc_status(), cmos_pnp_probe(), cmos_of_init() and cmos_platform_probe() functions in drivers/rtc/rtc-cmos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Double free

EUVDB-ID: #VU99050

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48954

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the qeth_l2_br2dev_worker() and dev_put() functions in drivers/s390/net/qeth_l2_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU99103

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48955

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the tbnet_open() function in drivers/net/thunderbolt.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU99165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48956

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ip6_fragment() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU99104

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48957

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Information disclosure

EUVDB-ID: #VU99105

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48958

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the greth_init_rings() function in drivers/net/ethernet/aeroflex/greth.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU99106

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48959

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sja1105_setup_devlink_regions() function in drivers/net/dsa/sja1105/sja1105_devlink.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU99207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48960

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU99164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mdio_device_free() and EXPORT_SYMBOL() functions in drivers/net/phy/mdio_device.c, within the of_mdiobus_register_device() function in drivers/net/mdio/of_mdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU99208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU99210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48966

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mvneta_config_rss() function in drivers/net/ethernet/marvell/mvneta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU99211

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information disclosure

EUVDB-ID: #VU99109

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48968

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the otx2_init_tc() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU99131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48969

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Resource management error

EUVDB-ID: #VU99140

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48970

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sk_diag_show_rqlen(), sk_diag_fill(), sk_diag_dump() and unix_diag_dump() functions in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU99141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48971

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bt_init() and sock_unregister() functions in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU99163

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48972

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ieee802154_if_add() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper error handling

EUVDB-ID: #VU99065

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48973

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Information disclosure

EUVDB-ID: #VU99110

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48975

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the gpiochip_setup_dev(), gpiochip_add_data_with_key(), gpiochip_remove_pin_ranges() and ida_free() functions in drivers/gpio/gpiolib.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU99217

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the can_rcv() and canfd_rcv() functions in net/can/af_can.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Resource management error

EUVDB-ID: #VU99142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper locking

EUVDB-ID: #VU99002

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sja1105_init_l2_policing() function in drivers/net/dsa/sja1105/sja1105_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Double free

EUVDB-ID: #VU99051

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48981

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer overflow

EUVDB-ID: #VU99097

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48985

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the mana_poll_rx_cq() and mana_cq_handler() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

EUVDB-ID: #VU99035

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48987

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the v4l2_valid_dv_timings() function in drivers/media/v4l2-core/v4l2-dv-timings.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU99197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48988

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

EUVDB-ID: #VU99215

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48991

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Input validation error

EUVDB-ID: #VU99214

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48992

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dpcm_be_reparent() function in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU99195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48994

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Double free

EUVDB-ID: #VU99052

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48995

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the raydium_i2c_send() function in drivers/input/touchscreen/raydium_i2c_ts.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU99004

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48997

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tpm_pm_suspend() function in drivers/char/tpm/tpm-interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Input validation error

EUVDB-ID: #VU99206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48999

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ipv4_fcnal() function in tools/testing/selftests/net/fib_nexthops.sh, within the fib_nh_match() function in net/ipv4/fib_semantics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper error handling

EUVDB-ID: #VU99060

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49000

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the has_external_pci() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper error handling

EUVDB-ID: #VU99066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49002

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dmar_dev_scope_init() function in drivers/iommu/dmar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU99005

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49003

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_mpath_revalidate_paths() function in drivers/nvme/host/multipath.c, within the nvme_ns_remove() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU99213

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49005

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Infinite loop

EUVDB-ID: #VU99119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49006

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the probe_remove_event_call() function in kernel/trace/trace_events.c, within the dyn_event_release() and dyn_events_release_all() functions in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Input validation error

EUVDB-ID: #VU99036

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_dat_commit_free() function in fs/nilfs2/dat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU99037

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49010

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Information disclosure

EUVDB-ID: #VU99113

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49011

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the adjust_tjmax() function in drivers/hwmon/coretemp.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Information disclosure

EUVDB-ID: #VU99114

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49012

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the afs_put_server() function in fs/afs/server.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Incorrect calculation

EUVDB-ID: #VU99182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49014

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __tun_detach() and tun_detach() functions in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU99199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hsr_deliver_master() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource management error

EUVDB-ID: #VU99162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49016

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the phy_mdio_device_free() function in drivers/net/phy/phy_device.c, within the fwnode_mdiobus_register_phy() function in drivers/net/mdio/fwnode_mdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Double free

EUVDB-ID: #VU99053

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49017

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the tipc_crypto_key_synch() function in net/tipc/crypto.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Infinite loop

EUVDB-ID: #VU99120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49019

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the nixge_hw_dma_bd_release() function in drivers/net/ethernet/ni/nixge.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Information disclosure

EUVDB-ID: #VU99116

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49020

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the p9_socket_open() function in net/9p/trans_fd.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Resource management error

EUVDB-ID: #VU99136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49021

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the module_put() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU99200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49022

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_get_rate_duration() function in net/mac80211/airtime.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Buffer overflow

EUVDB-ID: #VU99098

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49023

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the cfg80211_gen_new_ie() function in net/wireless/scan.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper error handling

EUVDB-ID: #VU99068

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49024

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the m_can_pci_probe() and m_can_pci_remove() functions in drivers/net/can/m_can/m_can_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Input validation error

EUVDB-ID: #VU99201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49025

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Double free

EUVDB-ID: #VU99054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49026

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the e100_xmit_prepare() function in drivers/net/ethernet/intel/e100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU99007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49027

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iavf_init_module() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU99008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49028

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ixgbevf_init_module() function in drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU99161

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49029

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ibmpex_register_bmc() function in drivers/hwmon/ibmpex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU99202

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49031

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the afe4403_read_raw() function in drivers/iio/health/afe4403.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds write

EUVDB-ID: #VU99180

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49032

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the afe4404_read_raw() and afe4404_write_raw() functions in drivers/iio/health/afe4404.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) NULL pointer dereference

EUVDB-ID: #VU79495

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2166

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/can/af_can.c when processing CAN frames. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: before 5.14.21-150500.13.76.1

kernel-devel-rt: before 5.14.21-150500.13.76.1

kernel-source-rt: before 5.14.21-150500.13.76.1

gfs2-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-devel: before 5.14.21-150500.13.76.1

kernel-rt-debugsource: before 5.14.21-150500.13.76.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.76.1

kernel-syms-rt: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.76.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.76.1

ocfs2-kmp-rt: before 5.14.21-150500.13.76.1

dlm-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.76.1

kernel-rt_debug-devel: before 5.14.21-150500.13.76.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243985-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) NULL pointer dereference

EUVDB-ID: #VU74772

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28327

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.5

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt-livepatch: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt-debuginfo: before 1-150500.11.3.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.76.1

kernel-rt-extra: before 5.14.21-150500.13.76.1

kernel-livepatch-5_14_21-150500_13_76-rt: before 1-150500.11.3.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-rt-optional: before 5.14.21-150500.13.76.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.76.1

kernel-livepatch-SLE15-SP5-RT_Update_22-debugsource: before 1-150500.11.3.1

kselftests-kmp-rt: before 5.14.21-150500.13.76.1

reiserfs-kmp-rt: before 5.14.21-150500.13.76.1

kernel-rt: before 5.14.21-150500.13.76.1

kernel-rt_debug: