Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 120 |
CVE-ID | CVE-2021-46936 CVE-2021-47163 CVE-2021-47416 CVE-2021-47612 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48809 CVE-2022-48946 CVE-2022-48949 CVE-2022-48951 CVE-2022-48956 CVE-2022-48958 CVE-2022-48960 CVE-2022-48962 CVE-2022-48966 CVE-2022-48967 CVE-2022-48969 CVE-2022-48971 CVE-2022-48972 CVE-2022-48973 CVE-2022-48978 CVE-2022-48985 CVE-2022-48988 CVE-2022-48991 CVE-2022-48992 CVE-2022-48997 CVE-2022-49000 CVE-2022-49002 CVE-2022-49010 CVE-2022-49011 CVE-2022-49014 CVE-2022-49015 CVE-2022-49020 CVE-2022-49021 CVE-2022-49026 CVE-2022-49027 CVE-2022-49028 CVE-2022-49029 CVE-2023-46343 CVE-2023-52881 CVE-2023-52898 CVE-2023-52918 CVE-2023-52919 CVE-2023-6270 CVE-2024-26804 CVE-2024-27043 CVE-2024-38538 CVE-2024-39476 CVE-2024-40965 CVE-2024-41016 CVE-2024-41082 CVE-2024-42114 CVE-2024-42145 CVE-2024-42253 CVE-2024-44931 CVE-2024-44958 CVE-2024-46724 CVE-2024-46755 CVE-2024-46802 CVE-2024-46809 CVE-2024-46813 CVE-2024-46816 CVE-2024-46818 CVE-2024-46826 CVE-2024-46834 CVE-2024-46840 CVE-2024-46841 CVE-2024-46848 CVE-2024-47670 CVE-2024-47672 CVE-2024-47673 CVE-2024-47674 CVE-2024-47684 CVE-2024-47685 CVE-2024-47696 CVE-2024-47697 CVE-2024-47698 CVE-2024-47706 CVE-2024-47707 CVE-2024-47713 CVE-2024-47735 CVE-2024-47737 CVE-2024-47742 CVE-2024-47745 CVE-2024-47749 CVE-2024-49851 CVE-2024-49860 CVE-2024-49877 CVE-2024-49881 CVE-2024-49882 CVE-2024-49883 CVE-2024-49890 CVE-2024-49891 CVE-2024-49894 CVE-2024-49896 CVE-2024-49901 CVE-2024-49920 CVE-2024-49929 CVE-2024-49936 CVE-2024-49949 CVE-2024-49957 CVE-2024-49958 CVE-2024-49959 CVE-2024-49962 CVE-2024-49965 CVE-2024-49966 CVE-2024-49967 CVE-2024-49982 CVE-2024-49991 CVE-2024-49995 CVE-2024-49996 CVE-2024-50006 CVE-2024-50007 CVE-2024-50024 CVE-2024-50033 CVE-2024-50035 CVE-2024-50045 CVE-2024-50047 CVE-2024-50058 |
CWE-ID | CWE-416 CWE-362 CWE-401 CWE-476 CWE-119 CWE-787 CWE-399 CWE-200 CWE-20 CWE-388 CWE-667 CWE-682 CWE-415 CWE-451 CWE-908 CWE-125 CWE-835 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 SP5 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system kernel-default-devel-debuginfo Operating systems & Components / Operating system package or component kernel-default-man Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-macros Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-default-base-debuginfo Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component ocfs2-kmp-default Operating systems & Components / Operating system package or component kernel-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-default Operating systems & Components / Operating system package or component dlm-kmp-default-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default Operating systems & Components / Operating system package or component kernel-default-debugsource Operating systems & Components / Operating system package or component gfs2-kmp-default Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 120 vulnerabilities.
EUVDB-ID: #VU88892
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet_init() function in net/ipv4/af_inet.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93381
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47163
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the cleanup_bearer() and tipc_udp_disable() functions in net/tipc/udp_media.c, within the tipc_exit_net() function in net/tipc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89967
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47416
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92339
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47612
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94424
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48788
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94423
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_error_recovery_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94422
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48790
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_async_event_work() function in drivers/nvme/host/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94405
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48809
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the include/net/dst_metadata.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99094
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99153
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48949
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the igb_vf_reset_msg() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99179
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48951
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99165
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48956
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip6_fragment() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99105
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48958
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the greth_init_rings() function in drivers/net/ethernet/aeroflex/greth.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48960
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99208
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48962
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99210
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48966
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mvneta_config_rss() function in drivers/net/ethernet/marvell/mvneta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99211
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99131
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48969
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99141
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48971
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bt_init() and sock_unregister() functions in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99163
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48972
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ieee802154_if_add() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99065
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48973
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99097
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48985
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mana_poll_rx_cq() and mana_cq_handler() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99197
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48988
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99215
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48991
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99214
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48992
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dpcm_be_reparent() function in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99004
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48997
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tpm_pm_suspend() function in drivers/char/tpm/tpm-interface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99060
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49000
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the has_external_pci() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99066
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49002
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dmar_dev_scope_init() function in drivers/iommu/dmar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99037
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49010
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99113
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49011
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the adjust_tjmax() function in drivers/hwmon/coretemp.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49014
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tun_detach() and tun_detach() functions in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99199
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hsr_deliver_master() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99116
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49020
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the p9_socket_open() function in net/9p/trans_fd.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49021
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the module_put() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49026
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the e100_xmit_prepare() function in drivers/net/ethernet/intel/e100.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99007
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49027
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iavf_init_module() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99008
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49028
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ixgbevf_init_module() function in drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99161
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ibmpex_register_bmc() function in drivers/hwmon/ibmpex.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86243
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-46343
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89895
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52881
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96346
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_free_dev() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99254
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99255
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91599
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90212
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26804
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90178
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92373
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38538
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93824
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39476
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid5d() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94837
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41016
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95073
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41082
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94986
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42114
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95054
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95562
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42253
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pca953x_irq_bus_sync_unlock() function in drivers/gpio/gpio-pca953x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44931
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96880
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97510
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46724
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97525
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46755
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97838
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46802
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97813
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97785
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46813
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97829
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46816
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97842
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97839
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46826
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97789
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46834
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ethtool_set_channels() function in net/ethtool/ioctl.c, within the ethtool_get_max_rxfh_channel() function in net/ethtool/common.c, within the ethnl_set_channels() function in net/ethtool/channels.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97808
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46840
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97814
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46841
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97820
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46848
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98365
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47670
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98368
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98375
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47673
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98598
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98980
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47684
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/tcp.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47685
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98899
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47696
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98920
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47697
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98919
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47698
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98897
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47706
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98988
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47707
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99032
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47713
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99025
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47735
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99078
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47737
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47742
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47745
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98971
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47749
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98860
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49851
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99194
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49860
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98966
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49877
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98852
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49881
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49882
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98866
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49883
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/ext4/extents.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98964
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49890
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98963
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49891
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98912
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49894
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98962
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49896
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98960
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c, within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98927
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49920
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, within the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, within the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, within the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, within the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, within the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98957
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98873
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49949
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98941
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99044
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49958
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99017
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49959
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98949
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49962
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99016
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99070
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49966
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99223
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49967
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98879
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98882
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99192
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49995
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99101
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99011
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50006
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98902
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50007
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50024
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50033
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99083
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50035
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99038
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server 12 SP5: LTSS
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-default-devel-debuginfo: before 4.12.14-122.234.1
kernel-default-man: before 4.12.14-122.234.1
kernel-source: before 4.12.14-122.234.1
kernel-macros: before 4.12.14-122.234.1
kernel-devel: before 4.12.14-122.234.1
kernel-default-base: before 4.12.14-122.234.1
kernel-syms: before 4.12.14-122.234.1
kernel-default-devel: before 4.12.14-122.234.1
kernel-default-base-debuginfo: before 4.12.14-122.234.1
kernel-default: before 4.12.14-122.234.1
ocfs2-kmp-default: before 4.12.14-122.234.1
kernel-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1
dlm-kmp-default: before 4.12.14-122.234.1
dlm-kmp-default-debuginfo: before 4.12.14-122.234.1
gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1
cluster-md-kmp-default: before 4.12.14-122.234.1
kernel-default-debugsource: before 4.12.14-122.234.1
gfs2-kmp-default: before 4.12.14-122.234.1
CPE2.3