Risk | High |
Patch available | YES |
Number of vulnerabilities | 241 |
CVE-ID | CVE-2023-52778 CVE-2023-52920 CVE-2023-52921 CVE-2023-52922 CVE-2024-26596 CVE-2024-26703 CVE-2024-26741 CVE-2024-26782 CVE-2024-26864 CVE-2024-26953 CVE-2024-27017 CVE-2024-27407 CVE-2024-35888 CVE-2024-36000 CVE-2024-36031 CVE-2024-36484 CVE-2024-36883 CVE-2024-36886 CVE-2024-36905 CVE-2024-36920 CVE-2024-36927 CVE-2024-36954 CVE-2024-36968 CVE-2024-38589 CVE-2024-40914 CVE-2024-41023 CVE-2024-42102 CVE-2024-44995 CVE-2024-46680 CVE-2024-46681 CVE-2024-46765 CVE-2024-46788 CVE-2024-46800 CVE-2024-46828 CVE-2024-46845 CVE-2024-47666 CVE-2024-47679 CVE-2024-47701 CVE-2024-47703 CVE-2024-49852 CVE-2024-49866 CVE-2024-49868 CVE-2024-49881 CVE-2024-49883 CVE-2024-49884 CVE-2024-49894 CVE-2024-49895 CVE-2024-49897 CVE-2024-49899 CVE-2024-49901 CVE-2024-49905 CVE-2024-49908 CVE-2024-49909 CVE-2024-49911 CVE-2024-49912 CVE-2024-49913 CVE-2024-49921 CVE-2024-49922 CVE-2024-49923 CVE-2024-49925 CVE-2024-49933 CVE-2024-49934 CVE-2024-49944 CVE-2024-49945 CVE-2024-49952 CVE-2024-49959 CVE-2024-49968 CVE-2024-49975 CVE-2024-49976 CVE-2024-49983 CVE-2024-49987 CVE-2024-49989 CVE-2024-50003 CVE-2024-50004 CVE-2024-50006 CVE-2024-50009 CVE-2024-50012 CVE-2024-50014 CVE-2024-50015 CVE-2024-50026 CVE-2024-50067 CVE-2024-50080 CVE-2024-50081 CVE-2024-50082 CVE-2024-50084 CVE-2024-50087 CVE-2024-50088 CVE-2024-50089 CVE-2024-50093 CVE-2024-50095 CVE-2024-50096 CVE-2024-50098 CVE-2024-50099 CVE-2024-50100 CVE-2024-50101 CVE-2024-50102 CVE-2024-50103 CVE-2024-50108 CVE-2024-50110 CVE-2024-50115 CVE-2024-50116 CVE-2024-50117 CVE-2024-50121 CVE-2024-50124 CVE-2024-50125 CVE-2024-50127 CVE-2024-50128 CVE-2024-50130 CVE-2024-50131 CVE-2024-50134 CVE-2024-50135 CVE-2024-50136 CVE-2024-50138 CVE-2024-50139 CVE-2024-50141 CVE-2024-50145 CVE-2024-50146 CVE-2024-50147 CVE-2024-50148 CVE-2024-50150 CVE-2024-50153 CVE-2024-50154 CVE-2024-50155 CVE-2024-50156 CVE-2024-50157 CVE-2024-50158 CVE-2024-50159 CVE-2024-50160 CVE-2024-50166 CVE-2024-50167 CVE-2024-50169 CVE-2024-50171 CVE-2024-50172 CVE-2024-50175 CVE-2024-50176 CVE-2024-50177 CVE-2024-50179 CVE-2024-50180 CVE-2024-50181 CVE-2024-50182 CVE-2024-50183 CVE-2024-50184 CVE-2024-50186 CVE-2024-50187 CVE-2024-50188 CVE-2024-50189 CVE-2024-50192 CVE-2024-50194 CVE-2024-50195 CVE-2024-50196 CVE-2024-50198 CVE-2024-50200 CVE-2024-50201 CVE-2024-50205 CVE-2024-50208 CVE-2024-50209 CVE-2024-50210 CVE-2024-50215 CVE-2024-50216 CVE-2024-50218 CVE-2024-50221 CVE-2024-50224 CVE-2024-50225 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50231 CVE-2024-50232 CVE-2024-50233 CVE-2024-50234 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50240 CVE-2024-50245 CVE-2024-50246 CVE-2024-50248 CVE-2024-50249 CVE-2024-50250 CVE-2024-50252 CVE-2024-50255 CVE-2024-50257 CVE-2024-50261 CVE-2024-50264 CVE-2024-50265 CVE-2024-50267 CVE-2024-50268 CVE-2024-50269 CVE-2024-50271 CVE-2024-50273 CVE-2024-50274 CVE-2024-50275 CVE-2024-50276 CVE-2024-50279 CVE-2024-50282 CVE-2024-50287 CVE-2024-50289 CVE-2024-50290 CVE-2024-50292 CVE-2024-50295 CVE-2024-50296 CVE-2024-50298 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043 CVE-2024-53045 CVE-2024-53048 CVE-2024-53051 CVE-2024-53052 CVE-2024-53055 CVE-2024-53056 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53068 CVE-2024-53072 CVE-2024-53074 CVE-2024-53076 CVE-2024-53079 CVE-2024-53081 CVE-2024-53082 CVE-2024-53085 CVE-2024-53088 CVE-2024-53093 CVE-2024-53094 CVE-2024-53095 CVE-2024-53096 CVE-2024-53100 CVE-2024-53101 CVE-2024-53104 CVE-2024-53106 CVE-2024-53108 CVE-2024-53110 CVE-2024-53112 CVE-2024-53114 CVE-2024-53121 CVE-2024-53138 |
CWE-ID | CWE-119 CWE-476 CWE-416 CWE-125 CWE-399 CWE-415 CWE-200 CWE-682 CWE-908 CWE-617 CWE-20 CWE-362 CWE-401 CWE-369 CWE-667 CWE-388 CWE-190 CWE-835 CWE-665 CWE-404 CWE-191 CWE-787 |
Exploitation vector | Network |
Public exploit | Vulnerability #234 is being exploited in the wild. |
Vulnerable software |
SUSE Real Time Module Operating systems & Components / Operating system SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-6_4_0-150600_10_20-rt Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource Operating systems & Components / Operating system package or component kernel-rt_debug Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component kernel-source-rt Operating systems & Components / Operating system package or component kernel-devel-rt Operating systems & Components / Operating system package or component kernel-rt-livepatch-devel Operating systems & Components / Operating system package or component cluster-md-kmp-rt-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-rt Operating systems & Components / Operating system package or component dlm-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kselftests-kmp-rt Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-syms-rt Operating systems & Components / Operating system package or component kernel-rt-optional-debuginfo Operating systems & Components / Operating system package or component kernel-rt-vdso-debuginfo Operating systems & Components / Operating system package or component kernel-rt-vdso Operating systems & Components / Operating system package or component kernel-rt_debug-vdso-debuginfo Operating systems & Components / Operating system package or component kernel-rt-extra-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-extra Operating systems & Components / Operating system package or component kernel-rt-optional Operating systems & Components / Operating system package or component kernel-rt_debug-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-rt Operating systems & Components / Operating system package or component kernel-rt-devel-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-rt Operating systems & Components / Operating system package or component kernel-rt_debug-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component ocfs2-kmp-rt Operating systems & Components / Operating system package or component ocfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-devel Operating systems & Components / Operating system package or component gfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-rt Operating systems & Components / Operating system package or component kernel-rt-devel Operating systems & Components / Operating system package or component kernel-rt_debug-vdso Operating systems & Components / Operating system package or component kselftests-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-debugsource Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 241 vulnerabilities.
EUVDB-ID: #VU93169
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52778
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mptcp_update_infinite_map() and mptcp_sendmsg_frag() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99770
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52920
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the BPF_MOV64_REG() and BPF_RAW_INSN() functions in tools/testing/selftests/bpf/verifier/precise.c, within the subprog_spill_reg_precise() function in tools/testing/selftests/bpf/progs/verifier_subprog_precision.c, within the copy_verifier_state(), check_reg_arg(), is_jmp_point(), bt_is_reg_set(), calls_callback(), backtrack_insn(), __mark_chain_precision(), check_stack_write_fixed_off(), check_stack_read_fixed_off(), check_atomic(), push_jmp_history() and do_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100617
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52921
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_cs_pass1() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101033
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52922
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_release() function in net/can/bcm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90362
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26596
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL_GPL() and dsa_user_changeupper() functions in net/dsa/user.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90606
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26703
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the timerlat_fd_open() and timerlat_fd_read() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93259
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26741
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the net/ipv4/inet_hashtables.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26782
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91364
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26864
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sock_prot_inuse_add() function in net/ipv4/inet_hashtables.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91359
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26953
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp6_output_tail() functions in net/ipv6/esp6.c, within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp_output_tail() functions in net/ipv4/esp4.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93615
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27017
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93624
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27407
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90873
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35888
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90907
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36000
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93039
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36484
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90272
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90049
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93375
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36905
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93238
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mpi3mr_bsg_process_mpt_cmds() function in drivers/scsi/mpi3mr/mpi3mr_app.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90863
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36927
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the raw_sendmsg() function in net/ipv4/raw.c, within the __ip_make_skb() function in net/ipv4/ip_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90431
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36968
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c, within the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c, within the iso_sock_sendmsg() function in net/bluetooth/iso.c, within the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c, within the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92365
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94291
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40914
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41023
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95034
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42102
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96855
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46680
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ps_wakeup(), btnxpuart_close() and nxp_serdev_remove() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46681
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97522
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46765
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_xsk_pool_setup() function in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_clear_hw_tbls(), ice_xdp_setup_prog() and ice_xdp() functions in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_vsi_free(), ice_vsi_alloc() and ice_vsi_rebuild() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97517
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46788
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the osnoise_migration_pending(), stop_kthread(), start_kthread() and start_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97501
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97786
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46828
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97780
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46845
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the this_cpu_tmr_var() and timerlat_fd_release() functions in kernel/trace/trace_osnoise.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98366
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47666
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pm8001_phy_control() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99031
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98898
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47701
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47703
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the mark_reg_unknown(), check_packet_access(), check_ctx_access(), check_stack_access_within_bounds(), check_mem_access() and check_return_code() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c, within the BTF_SET_START() function in kernel/bpf/bpf_lsm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98891
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49866
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98969
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49868
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98852
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49881
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98866
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49883
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98867
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98912
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49894
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49895
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm3_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49897
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49899
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the CalculateVMGroupAndRequestTimes() function in drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c, within the get_bytes_per_element() function in drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c, within the calculate_ttu_cursor() function in drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c, within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98958
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the handle_cursor_update() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98939
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49908
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_update_cursor() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49909
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98936
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49911
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn20_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49912
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the planes_changed_for_existing_stream() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98934
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49913
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98926
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49921
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dp_verify_link_cap_with_retries() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c, within the dcn35_init_hw() and dcn35_calc_blocks_to_gate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c, within the dcn31_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c, within the dcn10_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c, within the dce110_edp_backlight_control() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c, within the hubp2_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c, within the hubp1_is_flip_pending() function in drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c, within the dce11_pplib_apply_display_requirements() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98924
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49922
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98950
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49923
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn21_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c, within the dcn20_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98871
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98906
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49933
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98872
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49934
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98953
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49944
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98875
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49945
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49952
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99017
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49968
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ext4_feature_set_ok() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98854
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49975
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99015
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stop_kthread() and stop_per_cpu_kthreads() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98880
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49983
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_ext_replay_update_ex() function in fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98946
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49987
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the show_link_netfilter() function in tools/bpf/bpftool/net.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99058
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49989
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the link_destruct() function in drivers/gpu/drm/amd/display/dc/link/link_factory.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99218
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50003
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dmub_hpd_callback() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99040
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50004
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_unoptimized_policy_settings() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99011
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50006
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98923
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50009
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amd_pstate_adjust_perf() and amd_pstate_init_prefcore() functions in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99186
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50012
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the include/linux/cpufreq.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.20.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.20.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244314-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99010
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_20-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_20-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_6-debugsource: before 1-150600.1.3.1
kernel-rt_debug: before 6.4.0-150600.10.20.1
kernel-rt: before 6.4.0-150600.10.20.1
kernel-source-rt: before 6.4.0-150600.10.20.1
kernel-devel-rt: before 6.4.0-150600.10.20.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
gfs2-kmp-rt: before 6.4.0-150600.10.20.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kselftests-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-syms-rt: before 6.4.0-150600.10.20.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-vdso: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-extra: before 6.4.0-150600.10.20.1
kernel-rt-optional: before 6.4.0-150600.10.20.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.20.1
dlm-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.20.1
reiserfs-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt-debugsource: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt: before 6.4.0-150600.10.20.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
kernel-rt_debug-devel: before 6.4.0-150600.10.20.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.20.1
cluster-md-kmp-rt: before 6.4.0-150600.10.20.1
kernel-rt-devel: before 6.4.0-150600.10.20.1
kernel-rt_debug-vdso: