SUSE update for the Linux Kernel



Updated: 2025-02-05
Risk: High
Patch available: YES
Number of vulnerabilities: 230
CVE-ID:
CVE-2021-47594
CVE-2022-48674
CVE-2022-48979
CVE-2022-48982
CVE-2022-48983
CVE-2022-48989
CVE-2022-48990
CVE-2023-52915
CVE-2023-52917
CVE-2023-52918
CVE-2023-52921
CVE-2023-52922
CVE-2024-26782
CVE-2024-26906
CVE-2024-26953
CVE-2024-35888
CVE-2024-35937
CVE-2024-35980
CVE-2024-36484
CVE-2024-36883
CVE-2024-36886
CVE-2024-36905
CVE-2024-36953
CVE-2024-36954
CVE-2024-38577
CVE-2024-38589
CVE-2024-38615
CVE-2024-40997
CVE-2024-41016
CVE-2024-41023
CVE-2024-41049
CVE-2024-42131
CVE-2024-43817
CVE-2024-43897
CVE-2024-44932
CVE-2024-44964
CVE-2024-44995
CVE-2024-46681
CVE-2024-46800
CVE-2024-46802
CVE-2024-46804
CVE-2024-46805
CVE-2024-46807
CVE-2024-46810
CVE-2024-46812
CVE-2024-46819
CVE-2024-46821
CVE-2024-46835
CVE-2024-46842
CVE-2024-46853
CVE-2024-46859
CVE-2024-46864
CVE-2024-46871
CVE-2024-47663
CVE-2024-47665
CVE-2024-47667
CVE-2024-47669
CVE-2024-47670
CVE-2024-47671
CVE-2024-47679
CVE-2024-47682
CVE-2024-47693
CVE-2024-47695
CVE-2024-47696
CVE-2024-47697
CVE-2024-47698
CVE-2024-47699
CVE-2024-47701
CVE-2024-47709
CVE-2024-47712
CVE-2024-47713
CVE-2024-47718
CVE-2024-47723
CVE-2024-47728
CVE-2024-47735
CVE-2024-47737
CVE-2024-47742
CVE-2024-47745
CVE-2024-47749
CVE-2024-47756
CVE-2024-47757
CVE-2024-49850
CVE-2024-49851
CVE-2024-49852
CVE-2024-49855
CVE-2024-49861
CVE-2024-49863
CVE-2024-49868
CVE-2024-49870
CVE-2024-49871
CVE-2024-49875
CVE-2024-49877
CVE-2024-49879
CVE-2024-49884
CVE-2024-49891
CVE-2024-49900
CVE-2024-49902
CVE-2024-49903
CVE-2024-49905
CVE-2024-49907
CVE-2024-49908
CVE-2024-49921
CVE-2024-49924
CVE-2024-49925
CVE-2024-49934
CVE-2024-49935
CVE-2024-49938
CVE-2024-49945
CVE-2024-49947
CVE-2024-49950
CVE-2024-49957
CVE-2024-49963
CVE-2024-49965
CVE-2024-49966
CVE-2024-49968
CVE-2024-49981
CVE-2024-49983
CVE-2024-49985
CVE-2024-49989
CVE-2024-50003
CVE-2024-50007
CVE-2024-50008
CVE-2024-50009
CVE-2024-50013
CVE-2024-50017
CVE-2024-50025
CVE-2024-50026
CVE-2024-50031
CVE-2024-50044
CVE-2024-50062
CVE-2024-50067
CVE-2024-50073
CVE-2024-50074
CVE-2024-50077
CVE-2024-50078
CVE-2024-50082
CVE-2024-50089
CVE-2024-50093
CVE-2024-50095
CVE-2024-50096
CVE-2024-50098
CVE-2024-50099
CVE-2024-50103
CVE-2024-50108
CVE-2024-50110
CVE-2024-50115
CVE-2024-50116
CVE-2024-50117
CVE-2024-50124
CVE-2024-50125
CVE-2024-50127
CVE-2024-50128
CVE-2024-50131
CVE-2024-50134
CVE-2024-50135
CVE-2024-50138
CVE-2024-50141
CVE-2024-50146
CVE-2024-50147
CVE-2024-50148
CVE-2024-50150
CVE-2024-50153
CVE-2024-50154
CVE-2024-50155
CVE-2024-50156
CVE-2024-50160
CVE-2024-50167
CVE-2024-50171
CVE-2024-50179
CVE-2024-50180
CVE-2024-50182
CVE-2024-50183
CVE-2024-50184
CVE-2024-50186
CVE-2024-50187
CVE-2024-50188
CVE-2024-50189
CVE-2024-50192
CVE-2024-50194
CVE-2024-50195
CVE-2024-50196
CVE-2024-50198
CVE-2024-50201
CVE-2024-50205
CVE-2024-50208
CVE-2024-50209
CVE-2024-50215
CVE-2024-50218
CVE-2024-50229
CVE-2024-50230
CVE-2024-50232
CVE-2024-50233
CVE-2024-50234
CVE-2024-50236
CVE-2024-50237
CVE-2024-50249
CVE-2024-50255
CVE-2024-50259
CVE-2024-50261
CVE-2024-50264
CVE-2024-50265
CVE-2024-50267
CVE-2024-50268
CVE-2024-50269
CVE-2024-50271
CVE-2024-50273
CVE-2024-50274
CVE-2024-50279
CVE-2024-50282
CVE-2024-50287
CVE-2024-50289
CVE-2024-50290
CVE-2024-50292
CVE-2024-50295
CVE-2024-50298
CVE-2024-50301
CVE-2024-50302
CVE-2024-53052
CVE-2024-53058
CVE-2024-53059
CVE-2024-53060
CVE-2024-53061
CVE-2024-53063
CVE-2024-53066
CVE-2024-53068
CVE-2024-53079
CVE-2024-53085
CVE-2024-53088
CVE-2024-53104
CVE-2024-53110
CWE-ID:
CWE-476
CWE-416
CWE-20
CWE-667
CWE-399
CWE-191
CWE-415
CWE-388
CWE-200
CWE-908
CWE-125
CWE-617
CWE-362
CWE-401
CWE-119
CWE-190
CWE-835
CWE-665
CWE-369
CWE-682
CWE-404
CWE-787
Exploitation vector: Network
Public exploit: Vulnerability #229 is being exploited in the wild.
Vulnerable software:
Public Cloud Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

kernel-source-azure
Operating systems & Components / Operating system package or component

kernel-devel-azure
Operating systems & Components / Operating system package or component

kernel-azure-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-vdso
Operating systems & Components / Operating system package or component

kernel-azure
Operating systems & Components / Operating system package or component

kselftests-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-extra
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kselftests-kmp-azure
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure
Operating systems & Components / Operating system package or component

dlm-kmp-azure
Operating systems & Components / Operating system package or component

gfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-optional
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-debugsource
Operating systems & Components / Operating system package or component

kernel-azure-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-azure
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-devel
Operating systems & Components / Operating system package or component

kernel-azure-optional-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms-azure
Operating systems & Components / Operating system package or component

kernel-azure-devel-debuginfo
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 230 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU92336

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47594

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU90174

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within fs/erofs/internal.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU99216

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48979

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU98992

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48982

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_register_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU99003

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48983

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_tctx_exit_cb() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU99138

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48989

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the set_bit() function in fs/fscache/cookie.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer underflow

EUVDB-ID: #VU99093

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48990

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the amdgpu_job_free_cb() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU96934

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52915

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the af9035_i2c_master_xfer() function in drivers/media/usb/dvb-usb-v2/af9035.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU98973

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ndev_init_debugfs() function in drivers/ntb/hw/intel/ntb_hw_gen1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU100617

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52921

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_cs_pass1() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU101033

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52922

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bcm_release() function in net/can/bcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Double free

EUVDB-ID: #VU90927

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26782

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper error handling

EUVDB-ID: #VU92944

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26906

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Information disclosure

EUVDB-ID: #VU91359

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26953

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp6_output_tail() functions in net/ipv6/esp6.c, and within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp_output_tail() functions in net/ipv4/esp4.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of uninitialized resource

EUVDB-ID: #VU90873

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35888

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, and within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU91093

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35937

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Integer underflow

EUVDB-ID: #VU91667

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35980

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow in arch/arm64/include/asm/tlbflush.h. A local user can execute arbitrary code.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Reachable assertion

EUVDB-ID: #VU93039

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36484

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU90272

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36883

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU90049

Risk: High

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-36886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Race condition

EUVDB-ID: #VU93375

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36905

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, and within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper error handling

EUVDB-ID: #VU93450

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36953

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Memory leak

EUVDB-ID: #VU90431

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36954

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer overflow

EUVDB-ID: #VU92378

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38577

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within kernel/rcu/tasks.h. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU94120

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38615

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU94210

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40997

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the amd_pstate_epp_cpu_exit() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41016

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Memory leak

EUVDB-ID: #VU94924

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41023

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU94947

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Integer overflow

EUVDB-ID: #VU95035

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42131

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU96160

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43817

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within include/linux/virtio_net.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Input validation error

EUVDB-ID: #VU96541

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43897

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __udp_gso_segment() function in net/ipv4/udp_offload.c, within the tcp_gso_segment() function in net/ipv4/tcp_offload.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU96516

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the idpf_vport_intr_napi_dis_all() and idpf_vport_intr_rel() functions in drivers/net/ethernet/intel/idpf/idpf_txrx.c, and within the idpf_vport_stop(), idpf_vport_open() and idpf_send_map_unmap_queue_vector_msg() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Memory leak

EUVDB-ID: #VU96831

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44964

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the idpf_rx_init_buf_tail(), idpf_vport_open(), idpf_init_task(), idpf_initiate_soft_reset() and idpf_open() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU96855

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Infinite loop

EUVDB-ID: #VU97278

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46681

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the pktgen_thread_worker() and pg_net_init() functions in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU97501

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Input validation error

EUVDB-ID: #VU97838

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource management error

EUVDB-ID: #VU97827

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46804

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU97793

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46805

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the psp_xgmi_reflect_topology_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU97794

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46807

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_device_recover_vram() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) NULL pointer dereference

EUVDB-ID: #VU97796

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46810

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tc_irq_handler() function in drivers/gpu/drm/bridge/tc358767.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU97845

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46812

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU97797

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46819

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU97841

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46821

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the navi10_get_current_clk_freq_by_table(), navi10_emit_clk_levels(), navi10_print_clk_levels() and navi10_force_clk_levels() functions in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Resource management error

EUVDB-ID: #VU97831

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46835

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the gfx_v11_0_hw_init() function in drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU97779

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46842

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_get_sfp_info_wait() function in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU97782

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nxp_fspi_fill_txfifo() function in drivers/spi/spi-nxp-fspi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Out-of-bounds read

EUVDB-ID: #VU97791

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46859

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper Initialization

EUVDB-ID: #VU97825

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46864

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hv_machine_shutdown() function in arch/x86/kernel/cpu/mshyperv.c and within the EXPORT_SYMBOL_GPL(), register_syscore_ops() and wrmsrl() functions in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU98381

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46871

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Division by zero

EUVDB-ID: #VU98372

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47663

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU98379

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dma_init() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU98380

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47667

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper locking

EUVDB-ID: #VU98367

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47669

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Memory leak

EUVDB-ID: #VU98377

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper locking

EUVDB-ID: #VU99031

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Out-of-bounds read

EUVDB-ID: #VU98916

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47682

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sd_read_block_characteristics() function in drivers/scsi/sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource management error

EUVDB-ID: #VU99176

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47693

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Out-of-bounds read

EUVDB-ID: #VU98921

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47695

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_conns() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Out-of-bounds read

EUVDB-ID: #VU98920

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47697

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47698

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) NULL pointer dereference

EUVDB-ID: #VU98985

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47699

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Resource management error

EUVDB-ID: #VU99177

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47709

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU98895

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47712

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_parse_join_bss_param() function in drivers/net/wireless/microchip/wilc1000/hif.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper locking

EUVDB-ID: #VU99032

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use-after-free

EUVDB-ID: #VU98894

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw_wait_firmware_completion() function in drivers/net/wireless/realtek/rtw88/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Out-of-bounds read

EUVDB-ID: #VU98915

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47723

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, and within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Memory leak

EUVDB-ID: #VU98856

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47728

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, and within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper locking

EUVDB-ID: #VU99025

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Input validation error

EUVDB-ID: #VU99229

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU98976

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Out-of-bounds read

EUVDB-ID: #VU98913

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47757

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_btree_check_delete() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU98974

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49850

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bpf_core_apply() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Memory leak

EUVDB-ID: #VU98860

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49851

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c and within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU98891

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efc_nport_vport_del() function in drivers/scsi/elx/libefc/efc_nport.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Use-after-free

EUVDB-ID: #VU98893

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use of uninitialized resource

EUVDB-ID: #VU99086

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49861

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the sizeof() function in net/core/filter.c, within the sizeof() function in kernel/trace/bpf_trace.c, within the arg_type_is_dynptr() function in kernel/bpf/verifier.c, within the sizeof() function in kernel/bpf/syscall.c, and within the sizeof() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) NULL pointer dereference

EUVDB-ID: #VU98970

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49863

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vhost_scsi_get_req() function in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU98969

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the btrfs_update_reloc_root() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Memory leak

EUVDB-ID: #VU98851

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49870

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the cachefiles_open_file(), fput() and cachefiles_look_up_object() functions in fs/cachefiles/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) NULL pointer dereference

EUVDB-ID: #VU98968

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49871

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the adp5589_keypad_add() and adp5589_probe() functions in drivers/input/keyboard/adp5589-keys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper locking

EUVDB-ID: #VU99020

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49875

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU98965

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) NULL pointer dereference

EUVDB-ID: #VU98963

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, and the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use of uninitialized resource

EUVDB-ID: #VU99084

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49900

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Out-of-bounds read

EUVDB-ID: #VU98910

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49902

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Use-after-free

EUVDB-ID: #VU98869

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jfs_issue_discard() and jfs_ioc_trim() functions in fs/jfs/jfs_discard.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) NULL pointer dereference

EUVDB-ID: #VU98958

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the handle_cursor_update() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) NULL pointer dereference

EUVDB-ID: #VU98925

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49907

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dc_allow_idle_optimizations() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1

kernel-devel-azure: before 5.14.21-150500.33.75.1

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-vdso: before 5.14.21-150500.33.75.1

kernel-azure: before 5.14.21-150500.33.75.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-extra: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kselftests-kmp-azure: before 5.14.21-150500.33.75.1

ocfs2-kmp-azure: before 5.14.21-150500.33.75.1

dlm-kmp-azure: before 5.14.21-150500.33.75.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-optional: before 5.14.21-150500.33.75.1

cluster-md-kmp-azure: before 5.14.21-150500.33.75.1

kernel-azure-debugsource: before 5.14.21-150500.33.75.1

kernel-azure-debuginfo: before 5.14.21-150500.33.75.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

gfs2-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure: before 5.14.21-150500.33.75.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.75.1

kernel-azure-devel: before 5.14.21-150500.33.75.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.75.1

kernel-syms-azure: before 5.14.21-150500.33.75.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.75.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20244376-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) NULL pointer dereference

EUVDB-ID: #VU98939

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49908

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_dm_update_cursor() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-source-azure: before 5.14.21-150500.33.75.1