Risk | Low |
Patch available | YES |
Number of vulnerabilities | 18 |
CVE-ID | CVE-2023-52524 CVE-2024-49925 CVE-2024-50089 CVE-2024-50115 CVE-2024-50125 CVE-2024-50127 CVE-2024-50154 CVE-2024-50205 CVE-2024-50208 CVE-2024-50264 CVE-2024-50267 CVE-2024-50279 CVE-2024-50290 CVE-2024-50301 CVE-2024-50302 CVE-2024-53061 CVE-2024-53063 CVE-2024-53142 |
CWE-ID | CWE-667 CWE-416 CWE-20 CWE-125 CWE-908 CWE-119 CWE-191 CWE-401 CWE-399 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
SUSE Enterprise Server 15 SP2 Business Critical Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP2 Operating systems & Components / Operating system SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise High Availability Extension 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system reiserfs-kmp-default-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-default Operating systems & Components / Operating system package or component kernel-docs Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-macros Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-preempt-devel-debuginfo Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-obs-build Operating systems & Components / Operating system package or component kernel-default-devel-debuginfo Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-preempt-debuginfo Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component kernel-preempt-devel Operating systems & Components / Operating system package or component kernel-obs-build-debugsource Operating systems & Components / Operating system package or component kernel-preempt-debugsource Operating systems & Components / Operating system package or component kernel-preempt Operating systems & Components / Operating system package or component gfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-default-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-default Operating systems & Components / Operating system package or component gfs2-kmp-default Operating systems & Components / Operating system package or component ocfs2-kmp-default Operating systems & Components / Operating system package or component ocfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default Operating systems & Components / Operating system package or component kernel-default-debugsource Operating systems & Components / Operating system package or component kernel-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_55-debugsource Operating systems & Components / Operating system package or component kernel-default-livepatch Operating systems & Components / Operating system package or component kernel-default-livepatch-devel Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_212-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_212-default Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 18 vulnerabilities.
EUVDB-ID: #VU91319
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52524
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfc_llcp_register_device() function in net/nfc/llcp_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98871
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49925
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99849
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50089
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99810
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50115
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99806
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50125
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SCO_CONN_TIMEOUT(), sco_sock_timeout() and sco_conn_del() functions in net/bluetooth/sco.c, within the bt_sock_unlink() function in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99808
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50127
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_change() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100062
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50154
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100136
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50205
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the apply_constraint_to_size() function in sound/firewire/amdtp-stream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100141
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50208
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100612
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50264
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100613
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50267
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100620
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50279
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100637
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50290
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100622
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100611
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50302
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100733
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53061
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100741
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53063
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101347
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53142
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_name() and do_copy() functions in init/initramfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Enterprise Server 15 SP2 Business Critical: Linux
SUSE Linux Enterprise Server 15 SP2: LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2: LTSS
SUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
reiserfs-kmp-default: before 5.3.18-150200.24.212.1
kernel-docs: before 5.3.18-150200.24.212.1
kernel-source: before 5.3.18-150200.24.212.1
kernel-macros: before 5.3.18-150200.24.212.1
kernel-devel: before 5.3.18-150200.24.212.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-devel: before 5.3.18-150200.24.212.1
kernel-obs-build: before 5.3.18-150200.24.212.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.212.1
kernel-syms: before 5.3.18-150200.24.212.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.212.1
kernel-default-base: before 5.3.18-150200.24.212.1.150200.9.111.1
kernel-preempt-devel: before 5.3.18-150200.24.212.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt-debugsource: before 5.3.18-150200.24.212.1
kernel-preempt: before 5.3.18-150200.24.212.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
dlm-kmp-default: before 5.3.18-150200.24.212.1
gfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default: before 5.3.18-150200.24.212.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.212.1
cluster-md-kmp-default: before 5.3.18-150200.24.212.1
kernel-default-debugsource: before 5.3.18-150200.24.212.1
kernel-default-debuginfo: before 5.3.18-150200.24.212.1
kernel-livepatch-SLE15-SP2_Update_55-debugsource: before 1-150200.5.3.1
kernel-default-livepatch: before 5.3.18-150200.24.212.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.212.1
kernel-livepatch-5_3_18-150200_24_212-default-debuginfo: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_212-default: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.212.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20244388-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.