SUSE update for the Linux Kernel



| Updated: 2025-02-05
Risk High
Patch available YES
Number of vulnerabilities 439
CVE-ID CVE-2021-47416
CVE-2021-47534
CVE-2021-47594
CVE-2022-3435
CVE-2022-45934
CVE-2022-48664
CVE-2022-48674
CVE-2022-48879
CVE-2022-48946
CVE-2022-48947
CVE-2022-48948
CVE-2022-48949
CVE-2022-48951
CVE-2022-48953
CVE-2022-48954
CVE-2022-48955
CVE-2022-48956
CVE-2022-48957
CVE-2022-48958
CVE-2022-48959
CVE-2022-48960
CVE-2022-48961
CVE-2022-48962
CVE-2022-48966
CVE-2022-48967
CVE-2022-48968
CVE-2022-48969
CVE-2022-48970
CVE-2022-48971
CVE-2022-48972
CVE-2022-48973
CVE-2022-48975
CVE-2022-48977
CVE-2022-48978
CVE-2022-48979
CVE-2022-48980
CVE-2022-48981
CVE-2022-48982
CVE-2022-48983
CVE-2022-48985
CVE-2022-48987
CVE-2022-48988
CVE-2022-48989
CVE-2022-48990
CVE-2022-48991
CVE-2022-48992
CVE-2022-48994
CVE-2022-48995
CVE-2022-48997
CVE-2022-48999
CVE-2022-49000
CVE-2022-49002
CVE-2022-49003
CVE-2022-49005
CVE-2022-49006
CVE-2022-49007
CVE-2022-49010
CVE-2022-49011
CVE-2022-49012
CVE-2022-49014
CVE-2022-49015
CVE-2022-49016
CVE-2022-49017
CVE-2022-49019
CVE-2022-49020
CVE-2022-49021
CVE-2022-49022
CVE-2022-49023
CVE-2022-49024
CVE-2022-49025
CVE-2022-49026
CVE-2022-49027
CVE-2022-49028
CVE-2022-49029
CVE-2022-49031
CVE-2022-49032
CVE-2023-2166
CVE-2023-28327
CVE-2023-52766
CVE-2023-52800
CVE-2023-52881
CVE-2023-52915
CVE-2023-52917
CVE-2023-52918
CVE-2023-52919
CVE-2023-52921
CVE-2023-52922
CVE-2023-6270
CVE-2024-26782
CVE-2024-26906
CVE-2024-26953
CVE-2024-27043
CVE-2024-35888
CVE-2024-35937
CVE-2024-35980
CVE-2024-36244
CVE-2024-36484
CVE-2024-36883
CVE-2024-36886
CVE-2024-36905
CVE-2024-36953
CVE-2024-36954
CVE-2024-36957
CVE-2024-38577
CVE-2024-38589
CVE-2024-38615
CVE-2024-39476
CVE-2024-40965
CVE-2024-40997
CVE-2024-41016
CVE-2024-41023
CVE-2024-41049
CVE-2024-42131
CVE-2024-42145
CVE-2024-42226
CVE-2024-42253
CVE-2024-43817
CVE-2024-43897
CVE-2024-44931
CVE-2024-44932
CVE-2024-44947
CVE-2024-44958
CVE-2024-44964
CVE-2024-44995
CVE-2024-45016
CVE-2024-45025
CVE-2024-46678
CVE-2024-46681
CVE-2024-46716
CVE-2024-46719
CVE-2024-46754
CVE-2024-46770
CVE-2024-46775
CVE-2024-46777
CVE-2024-46800
CVE-2024-46802
CVE-2024-46804
CVE-2024-46805
CVE-2024-46807
CVE-2024-46809
CVE-2024-46810
CVE-2024-46811
CVE-2024-46812
CVE-2024-46813
CVE-2024-46814
CVE-2024-46815
CVE-2024-46816
CVE-2024-46817
CVE-2024-46818
CVE-2024-46819
CVE-2024-46821
CVE-2024-46826
CVE-2024-46828
CVE-2024-46834
CVE-2024-46835
CVE-2024-46840
CVE-2024-46841
CVE-2024-46842
CVE-2024-46848
CVE-2024-46849
CVE-2024-46853
CVE-2024-46854
CVE-2024-46855
CVE-2024-46857
CVE-2024-46859
CVE-2024-46864
CVE-2024-46871
CVE-2024-47660
CVE-2024-47661
CVE-2024-47663
CVE-2024-47664
CVE-2024-47665
CVE-2024-47667
CVE-2024-47668
CVE-2024-47669
CVE-2024-47670
CVE-2024-47671
CVE-2024-47672
CVE-2024-47673
CVE-2024-47674
CVE-2024-47679
CVE-2024-47682
CVE-2024-47684
CVE-2024-47685
CVE-2024-47692
CVE-2024-47693
CVE-2024-47695
CVE-2024-47696
CVE-2024-47697
CVE-2024-47698
CVE-2024-47699
CVE-2024-47701
CVE-2024-47704
CVE-2024-47705
CVE-2024-47706
CVE-2024-47707
CVE-2024-47709
CVE-2024-47710
CVE-2024-47712
CVE-2024-47713
CVE-2024-47718
CVE-2024-47720
CVE-2024-47723
CVE-2024-47727
CVE-2024-47728
CVE-2024-47730
CVE-2024-47735
CVE-2024-47737
CVE-2024-47738
CVE-2024-47739
CVE-2024-47742
CVE-2024-47745
CVE-2024-47747
CVE-2024-47748
CVE-2024-47749
CVE-2024-47756
CVE-2024-47757
CVE-2024-49850
CVE-2024-49851
CVE-2024-49852
CVE-2024-49855
CVE-2024-49858
CVE-2024-49860
CVE-2024-49861
CVE-2024-49863
CVE-2024-49866
CVE-2024-49867
CVE-2024-49868
CVE-2024-49870
CVE-2024-49871
CVE-2024-49875
CVE-2024-49877
CVE-2024-49879
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49884
CVE-2024-49886
CVE-2024-49890
CVE-2024-49891
CVE-2024-49892
CVE-2024-49894
CVE-2024-49895
CVE-2024-49896
CVE-2024-49897
CVE-2024-49899
CVE-2024-49900
CVE-2024-49901
CVE-2024-49902
CVE-2024-49903
CVE-2024-49905
CVE-2024-49906
CVE-2024-49907
CVE-2024-49908
CVE-2024-49909
CVE-2024-49911
CVE-2024-49912
CVE-2024-49913
CVE-2024-49914
CVE-2024-49917
CVE-2024-49918
CVE-2024-49919
CVE-2024-49920
CVE-2024-49921
CVE-2024-49922
CVE-2024-49923
CVE-2024-49924
CVE-2024-49925
CVE-2024-49929
CVE-2024-49930
CVE-2024-49933
CVE-2024-49934
CVE-2024-49935
CVE-2024-49936
CVE-2024-49938
CVE-2024-49939
CVE-2024-49945
CVE-2024-49946
CVE-2024-49947
CVE-2024-49949
CVE-2024-49950
CVE-2024-49954
CVE-2024-49955
CVE-2024-49957
CVE-2024-49958
CVE-2024-49959
CVE-2024-49960
CVE-2024-49962
CVE-2024-49963
CVE-2024-49965
CVE-2024-49966
CVE-2024-49967
CVE-2024-49968
CVE-2024-49969
CVE-2024-49973
CVE-2024-49974
CVE-2024-49975
CVE-2024-49981
CVE-2024-49982
CVE-2024-49983
CVE-2024-49985
CVE-2024-49989
CVE-2024-49991
CVE-2024-49993
CVE-2024-49995
CVE-2024-49996
CVE-2024-50000
CVE-2024-50001
CVE-2024-50002
CVE-2024-50003
CVE-2024-50006
CVE-2024-50007
CVE-2024-50008
CVE-2024-50009
CVE-2024-50013
CVE-2024-50014
CVE-2024-50017
CVE-2024-50019
CVE-2024-50024
CVE-2024-50025
CVE-2024-50026
CVE-2024-50028
CVE-2024-50031
CVE-2024-50033
CVE-2024-50035
CVE-2024-50041
CVE-2024-50044
CVE-2024-50045
CVE-2024-50046
CVE-2024-50047
CVE-2024-50048
CVE-2024-50049
CVE-2024-50055
CVE-2024-50058
CVE-2024-50059
CVE-2024-50061
CVE-2024-50062
CVE-2024-50063
CVE-2024-50067
CVE-2024-50073
CVE-2024-50074
CVE-2024-50077
CVE-2024-50078
CVE-2024-50081
CVE-2024-50082
CVE-2024-50089
CVE-2024-50093
CVE-2024-50095
CVE-2024-50096
CVE-2024-50098
CVE-2024-50099
CVE-2024-50103
CVE-2024-50108
CVE-2024-50110
CVE-2024-50115
CVE-2024-50116
CVE-2024-50117
CVE-2024-50124
CVE-2024-50125
CVE-2024-50127
CVE-2024-50128
CVE-2024-50131
CVE-2024-50134
CVE-2024-50135
CVE-2024-50138
CVE-2024-50141
CVE-2024-50146
CVE-2024-50147
CVE-2024-50148
CVE-2024-50150
CVE-2024-50153
CVE-2024-50154
CVE-2024-50155
CVE-2024-50156
CVE-2024-50160
CVE-2024-50167
CVE-2024-50171
CVE-2024-50179
CVE-2024-50180
CVE-2024-50182
CVE-2024-50183
CVE-2024-50184
CVE-2024-50186
CVE-2024-50187
CVE-2024-50188
CVE-2024-50189
CVE-2024-50192
CVE-2024-50194
CVE-2024-50195
CVE-2024-50196
CVE-2024-50198
CVE-2024-50201
CVE-2024-50205
CVE-2024-50208
CVE-2024-50209
CVE-2024-50215
CVE-2024-50218
CVE-2024-50229
CVE-2024-50230
CVE-2024-50232
CVE-2024-50233
CVE-2024-50234
CVE-2024-50236
CVE-2024-50237
CVE-2024-50249
CVE-2024-50255
CVE-2024-50259
CVE-2024-50261
CVE-2024-50264
CVE-2024-50265
CVE-2024-50267
CVE-2024-50268
CVE-2024-50269
CVE-2024-50271
CVE-2024-50273
CVE-2024-50274
CVE-2024-50279
CVE-2024-50282
CVE-2024-50287
CVE-2024-50289
CVE-2024-50290
CVE-2024-50292
CVE-2024-50295
CVE-2024-50298
CVE-2024-50301
CVE-2024-50302
CVE-2024-53052
CVE-2024-53058
CVE-2024-53059
CVE-2024-53060
CVE-2024-53061
CVE-2024-53063
CVE-2024-53066
CVE-2024-53068
CVE-2024-53079
CVE-2024-53085
CVE-2024-53088
CVE-2024-53104
CVE-2024-53110
CWE-ID CWE-401
CWE-476
CWE-125
CWE-190
CWE-667
CWE-416
CWE-119
CWE-787
CWE-399
CWE-415
CWE-200
CWE-20
CWE-388
CWE-191
CWE-835
CWE-682
CWE-451
CWE-908
CWE-617
CWE-362
CWE-193
CWE-665
CWE-369
CWE-404
Exploitation vector Network
Public exploit Public exploit code for vulnerability #121 is available.
Vulnerability #438 is being exploited in the wild.
Vulnerable software
SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise High Availability Extension 15
Operating systems & Components / Operating system

Development Tools Module
Operating systems & Components / Operating system

Legacy Module
Operating systems & Components / Operating system

Basesystem Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-livepatch-SLE15-SP5_Update_21-debugsource
Operating systems & Components / Operating system package or component

kernel-default-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150500_55_88-default
Operating systems & Components / Operating system package or component

kernel-default-livepatch
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-default
Operating systems & Components / Operating system package or component

reiserfs-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-obs-build-debugsource
Operating systems & Components / Operating system package or component

kernel-obs-build
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-docs
Operating systems & Components / Operating system package or component

kernel-zfcpdump-debuginfo
Operating systems & Components / Operating system package or component

kernel-zfcpdump-debugsource
Operating systems & Components / Operating system package or component

kernel-zfcpdump
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-64kb-debugsource
Operating systems & Components / Operating system package or component

kernel-64kb-devel
Operating systems & Components / Operating system package or component

kernel-64kb-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 439 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU89967

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47416

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU91617

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47534

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vc4_atomic_commit_tail() function in drivers/gpu/drm/vc4/vc4_kms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU92336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47594

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU70499

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-3435

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the fib_nh_match() function in net/ipv4/fib_semantics.c IPv4 handler. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU70464

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45934

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the l2cap_config_req() function in net/bluetooth/l2cap_core.c in Linux kernel. A local user can pass specially crafted L2CAP_CONF_REQ packets to the device, trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU92031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48664

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the close_ctree() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90174

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the fs/erofs/internal.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU96355

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efisubsys_init() and generic_ops_unregister() functions in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU99094

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU99095

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48947

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the l2cap_config_req() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU99096

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48948

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the uvc_function_ep0_complete() function in drivers/usb/gadget/function/f_uvc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU99153

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48949

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igb_vf_reset_msg() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU99179

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48951

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU99139

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48953

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cmos_check_acpi_rtc_status(), cmos_pnp_probe(), cmos_of_init() and cmos_platform_probe() functions in drivers/rtc/rtc-cmos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Double free

EUVDB-ID: #VU99050

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48954

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the qeth_l2_br2dev_worker() and dev_put() functions in drivers/s390/net/qeth_l2_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU99103

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48955

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the tbnet_open() function in drivers/net/thunderbolt.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU99165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48956

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ip6_fragment() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU99104

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48957

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information disclosure

EUVDB-ID: #VU99105

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48958

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the greth_init_rings() function in drivers/net/ethernet/aeroflex/greth.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Information disclosure

EUVDB-ID: #VU99106

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48959

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sja1105_setup_devlink_regions() function in drivers/net/dsa/sja1105/sja1105_devlink.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU99207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48960

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU99164

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48961

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mdio_device_free() and EXPORT_SYMBOL() functions in drivers/net/phy/mdio_device.c, within the of_mdiobus_register_device() function in drivers/net/mdio/of_mdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU99208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU99210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48966

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mvneta_config_rss() function in drivers/net/ethernet/marvell/mvneta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU99211

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Information disclosure

EUVDB-ID: #VU99109

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48968

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the otx2_init_tc() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU99131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48969

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU99140

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48970

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sk_diag_show_rqlen(), sk_diag_fill(), sk_diag_dump() and unix_diag_dump() functions in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU99141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48971

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bt_init() and sock_unregister() functions in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Resource management error

EUVDB-ID: #VU99163

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48972

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ieee802154_if_add() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper error handling

EUVDB-ID: #VU99065

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48973

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Information disclosure

EUVDB-ID: #VU99110

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48975

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the gpiochip_setup_dev(), gpiochip_add_data_with_key(), gpiochip_remove_pin_ranges() and ida_free() functions in drivers/gpio/gpiolib.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU99217

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the can_rcv() and canfd_rcv() functions in net/can/af_can.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU99142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU99216

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48979

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU99002

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sja1105_init_l2_policing() function in drivers/net/dsa/sja1105/sja1105_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Double free

EUVDB-ID: #VU99051

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48981

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU98992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48982

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_register_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU99003

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48983

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_tctx_exit_cb() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Buffer overflow

EUVDB-ID: #VU99097

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48985

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the mana_poll_rx_cq() and mana_cq_handler() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Input validation error

EUVDB-ID: #VU99035

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48987

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the v4l2_valid_dv_timings() function in drivers/media/v4l2-core/v4l2-dv-timings.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU99197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48988

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Resource management error

EUVDB-ID: #VU99138

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48989

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the set_bit() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Integer underflow

EUVDB-ID: #VU99093

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48990

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the amdgpu_job_free_cb() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU99215

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48991

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU99214

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48992

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dpcm_be_reparent() function in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU99195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48994

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Double free

EUVDB-ID: #VU99052

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48995

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the raydium_i2c_send() function in drivers/input/touchscreen/raydium_i2c_ts.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU99004

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48997

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tpm_pm_suspend() function in drivers/char/tpm/tpm-interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU99206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48999

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ipv4_fcnal() function in tools/testing/selftests/net/fib_nexthops.sh, within the fib_nh_match() function in net/ipv4/fib_semantics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper error handling

EUVDB-ID: #VU99060

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49000

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the has_external_pci() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper error handling

EUVDB-ID: #VU99066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49002

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dmar_dev_scope_init() function in drivers/iommu/dmar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU99005

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49003

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_mpath_revalidate_paths() function in drivers/nvme/host/multipath.c, within the nvme_ns_remove() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU99213

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49005

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Infinite loop

EUVDB-ID: #VU99119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49006

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the probe_remove_event_call() function in kernel/trace/trace_events.c, within the dyn_event_release() and dyn_events_release_all() functions in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU99036

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49007

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_dat_commit_free() function in fs/nilfs2/dat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU99037

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49010

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Information disclosure

EUVDB-ID: #VU99113

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49011

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the adjust_tjmax() function in drivers/hwmon/coretemp.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Information disclosure

EUVDB-ID: #VU99114

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49012

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the afs_put_server() function in fs/afs/server.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Incorrect calculation

EUVDB-ID: #VU99182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49014

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __tun_detach() and tun_detach() functions in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU99199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hsr_deliver_master() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource management error

EUVDB-ID: #VU99162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49016

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the phy_mdio_device_free() function in drivers/net/phy/phy_device.c, within the fwnode_mdiobus_register_phy() function in drivers/net/mdio/fwnode_mdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Double free

EUVDB-ID: #VU99053

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49017

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the tipc_crypto_key_synch() function in net/tipc/crypto.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Infinite loop

EUVDB-ID: #VU99120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49019

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the nixge_hw_dma_bd_release() function in drivers/net/ethernet/ni/nixge.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Information disclosure

EUVDB-ID: #VU99116

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49020

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the p9_socket_open() function in net/9p/trans_fd.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource management error

EUVDB-ID: #VU99136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49021

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the module_put() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU99200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49022

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_get_rate_duration() function in net/mac80211/airtime.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Buffer overflow

EUVDB-ID: #VU99098

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49023

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the cfg80211_gen_new_ie() function in net/wireless/scan.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improper error handling

EUVDB-ID: #VU99068

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49024

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the m_can_pci_probe() and m_can_pci_remove() functions in drivers/net/can/m_can/m_can_pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244364-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Input validation error

EUVDB-ID: #VU99201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49025

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Micro: 5.5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

gfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default: before 5.14.21-150500.55.88.1

dlm-kmp-default: before 5.14.21-150500.55.88.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

ocfs2-kmp-default: before 5.14.21-150500.55.88.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-livepatch-SLE15-SP5_Update_21-debugsource: before 1-150500.11.5.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default: before 1-150500.11.5.1

kernel-default-livepatch: before 5.14.21-150500.55.88.1

kernel-livepatch-5_14_21-150500_55_88-default-debuginfo: before 1-150500.11.5.1

reiserfs-kmp-default: before 5.14.21-150500.55.88.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-source: before 5.14.21-150500.55.88.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.88.1

kernel-obs-build: before 5.14.21-150500.55.88.1

kernel-syms: before 5.14.21-150500.55.88.1

kernel-docs: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.88.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.88.1

kernel-zfcpdump: before 5.14.21-150500.55.88.1

kernel-devel: before 5.14.21-150500.55.88.1

kernel-macros: before 5.14.21-150500.55.88.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debugsource: before 5.14.21-150500.55.88.1

kernel-64kb-devel: before 5.14.21-150500.55.88.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.88.1

kernel-64kb: before 5.14.21-150500.55.88.1

kernel-default-debugsource: before 5.14.21-150500.55.88.1

kernel-default-debuginfo: before 5.14.21-150500.55.88.1

kernel-default-base: before 5.14.21-150500.55.88.1.150500.6.39.4

kernel-default: before 5.14.21-150500.55.88.1

CPE2.3