SUSE update for the Linux Kernel



Risk: Medium
Patch available: YES
Number of vulnerabilities: 120
CVE-ID: CVE-2021-46936
CVE-2021-47163
CVE-2021-47416
CVE-2021-47612
CVE-2022-48788
CVE-2022-48789
CVE-2022-48790
CVE-2022-48809
CVE-2022-48946
CVE-2022-48949
CVE-2022-48951
CVE-2022-48956
CVE-2022-48958
CVE-2022-48960
CVE-2022-48962
CVE-2022-48966
CVE-2022-48967
CVE-2022-48969
CVE-2022-48971
CVE-2022-48972
CVE-2022-48973
CVE-2022-48978
CVE-2022-48985
CVE-2022-48988
CVE-2022-48991
CVE-2022-48992
CVE-2022-48997
CVE-2022-49000
CVE-2022-49002
CVE-2022-49010
CVE-2022-49011
CVE-2022-49014
CVE-2022-49015
CVE-2022-49020
CVE-2022-49021
CVE-2022-49026
CVE-2022-49027
CVE-2022-49028
CVE-2022-49029
CVE-2023-46343
CVE-2023-52881
CVE-2023-52898
CVE-2023-52918
CVE-2023-52919
CVE-2023-6270
CVE-2024-26804
CVE-2024-27043
CVE-2024-38538
CVE-2024-39476
CVE-2024-40965
CVE-2024-41016
CVE-2024-41082
CVE-2024-42114
CVE-2024-42145
CVE-2024-42253
CVE-2024-44931
CVE-2024-44958
CVE-2024-46724
CVE-2024-46755
CVE-2024-46802
CVE-2024-46809
CVE-2024-46813
CVE-2024-46816
CVE-2024-46818
CVE-2024-46826
CVE-2024-46834
CVE-2024-46840
CVE-2024-46841
CVE-2024-46848
CVE-2024-47670
CVE-2024-47672
CVE-2024-47673
CVE-2024-47674
CVE-2024-47684
CVE-2024-47685
CVE-2024-47696
CVE-2024-47697
CVE-2024-47698
CVE-2024-47706
CVE-2024-47707
CVE-2024-47713
CVE-2024-47735
CVE-2024-47737
CVE-2024-47742
CVE-2024-47745
CVE-2024-47749
CVE-2024-49851
CVE-2024-49860
CVE-2024-49877
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49890
CVE-2024-49891
CVE-2024-49894
CVE-2024-49896
CVE-2024-49901
CVE-2024-49920
CVE-2024-49929
CVE-2024-49936
CVE-2024-49949
CVE-2024-49957
CVE-2024-49958
CVE-2024-49959
CVE-2024-49962
CVE-2024-49965
CVE-2024-49966
CVE-2024-49967
CVE-2024-49982
CVE-2024-49991
CVE-2024-49995
CVE-2024-49996
CVE-2024-50006
CVE-2024-50007
CVE-2024-50024
CVE-2024-50033
CVE-2024-50035
CVE-2024-50045
CVE-2024-50047
CVE-2024-50058
CWE-ID: CWE-416
CWE-362
CWE-401
CWE-476
CWE-119
CWE-787
CWE-399
CWE-200
CWE-20
CWE-388
CWE-667
CWE-682
CWE-415
CWE-451
CWE-908
CWE-125
CWE-835
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
SUSE Linux Enterprise Server 12 SP5 LTSS Extended
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12 SP5
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-man
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-default-base-debuginfo
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 120 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU88892

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inet_init() function in net/ipv4/af_inet.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU93381

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47163

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the cleanup_bearer() and tipc_udp_disable() functions in net/tipc/udp_media.c, and within the tipc_exit_net() function in net/tipc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU89967

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47416

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU92339

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47612

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU94424

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48788

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_rdma_error_recovery_work() function in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU94423

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_tcp_error_recovery_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU94422

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48790

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_async_event_work() function in drivers/nvme/host/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU94405

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48809

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within include/net/dst_metadata.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU99094

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48946

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the udf_truncate_tail_extent() function in fs/udf/truncate.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU99153

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48949

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igb_vf_reset_msg() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds write

EUVDB-ID: #VU99179

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48951

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU99165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48956

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ip6_fragment() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information disclosure

EUVDB-ID: #VU99105

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48958

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the greth_init_rings() function in drivers/net/ethernet/aeroflex/greth.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU99207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48960

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU99208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU99210

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48966

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mvneta_config_rss() function in drivers/net/ethernet/marvell/mvneta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU99211

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU99131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48969

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource management error

EUVDB-ID: #VU99141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48971

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bt_init() and sock_unregister() functions in net/bluetooth/af_bluetooth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU99163

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48972

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ieee802154_if_add() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper error handling

EUVDB-ID: #VU99065

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48973

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU99142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU99097

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48985

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the mana_poll_rx_cq() and mana_cq_handler() functions in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper locking

EUVDB-ID: #VU99197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48988

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU99215

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48991

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU99214

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48992

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dpcm_be_reparent() function in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU99004

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48997

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tpm_pm_suspend() function in drivers/char/tpm/tpm-interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper error handling

EUVDB-ID: #VU99060

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49000

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the has_external_pci() function in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper error handling

EUVDB-ID: #VU99066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49002

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dmar_dev_scope_init() function in drivers/iommu/dmar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU99037

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49010

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Information disclosure

EUVDB-ID: #VU99113

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49011

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the adjust_tjmax() function in drivers/hwmon/coretemp.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Incorrect calculation

EUVDB-ID: #VU99182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49014

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the __tun_detach() and tun_detach() functions in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU99199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hsr_deliver_master() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Information disclosure

EUVDB-ID: #VU99116

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49020

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the p9_socket_open() function in net/9p/trans_fd.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Resource management error

EUVDB-ID: #VU99136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49021

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the module_put() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Double free

EUVDB-ID: #VU99054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49026

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the e100_xmit_prepare() function in drivers/net/ethernet/intel/e100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU99007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49027

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iavf_init_module() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU99008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49028

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ixgbevf_init_module() function in drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU99161

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49029

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ibmpex_register_bmc() function in drivers/hwmon/ibmpex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU86243

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-46343

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Spoofing attack

EUVDB-ID: #VU89895

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52881

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in the system accepting ACK responses for bytes that were never sent. A remote attacker can perform a spoofing attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU96346

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the xhci_free_dev() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU99254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) NULL pointer dereference

EUVDB-ID: #VU99255

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU90212

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26804

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU90178

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27043

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use of uninitialized resource

EUVDB-ID: #VU92373

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38538

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU93824

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39476

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the raid5d() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper locking

EUVDB-ID: #VU94276

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Out-of-bounds read

EUVDB-ID: #VU94837

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41016

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Resource management error

EUVDB-ID: #VU95073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41082

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU94986

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42114

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Buffer overflow

EUVDB-ID: #VU95054

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource management error

EUVDB-ID: #VU95562

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42253

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pca953x_irq_bus_sync_unlock() function in drivers/gpio/gpio-pca953x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Memory leak

EUVDB-ID: #VU96512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44931

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Resource management error

EUVDB-ID: #VU96880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sched_cpu_deactivate() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

EUVDB-ID: #VU97510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46724

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the df_v1_7_get_hbm_channel_number() function in drivers/gpu/drm/amd/amdgpu/df_v1_7.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU97525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU97838

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46802

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the resource_build_bit_depth_reduction_params() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper error handling

EUVDB-ID: #VU97813

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Out-of-bounds read

EUVDB-ID: #VU97785

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46813

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dc_get_link_at_index() function in drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU97829

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46816

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Input validation error

EUVDB-ID: #VU97842

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Input validation error

EUVDB-ID: #VU97839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46826

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Out-of-bounds read

EUVDB-ID: #VU97789

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46834

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ethtool_set_channels() function in net/ethtool/ioctl.c, the ethtool_get_max_rxfh_channel() function in net/ethtool/common.c, and the ethnl_set_channels() function in net/ethtool/channels.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper locking

EUVDB-ID: #VU97808

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46840

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper error handling

EUVDB-ID: #VU97814

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46841

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the walk_down_proc() function in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Infinite loop

EUVDB-ID: #VU97820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46848

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Out-of-bounds read

EUVDB-ID: #VU98365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47670

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper locking

EUVDB-ID: #VU98368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Resource management error

EUVDB-ID: #VU98375

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47673

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU98598

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU98980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47684

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within include/net/tcp.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Use of uninitialized resource

EUVDB-ID: #VU99087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47685

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the nf_reject_ip6_tcphdr_put() function in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Use-after-free

EUVDB-ID: #VU98899

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

EUVDB-ID: #VU98920

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47697

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Out-of-bounds read

EUVDB-ID: #VU98919

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47698

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2832_pid_filter() function in drivers/media/dvb-frontends/rtl2832.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU98897

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47706

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfq_init_rq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU98988

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47707

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_uncached_list_flush_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper locking

EUVDB-ID: #VU99032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper locking

EUVDB-ID: #VU99025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper error handling

EUVDB-ID: #VU99078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47737

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Incorrect calculation

EUVDB-ID: #VU99188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Input validation error

EUVDB-ID: #VU99229

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47745

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU98971

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the act_establish() and act_open_rpl() functions in drivers/infiniband/hw/cxgb4/cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Memory leak

EUVDB-ID: #VU98860

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49851

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c and within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Buffer overflow

EUVDB-ID: #VU99194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49860

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU98966

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49877

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Memory leak

EUVDB-ID: #VU98852

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the get_ext_path() function in fs/ext4/move_extent.c and within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper error handling

EUVDB-ID: #VU99076

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Use-after-free

EUVDB-ID: #VU98866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49883

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU98964

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49890

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the init_overdrive_limits() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU98963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lpfc_sli_flush_io_rings() function in drivers/scsi/lpfc/lpfc_sli.c, the lpfc_abort_handler() function in drivers/scsi/lpfc/lpfc_scsi.c, and the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Out-of-bounds read

EUVDB-ID: #VU98912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) NULL pointer dereference

EUVDB-ID: #VU98962

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49896

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) NULL pointer dereference

EUVDB-ID: #VU98960

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the msm_gpu_init() function in drivers/gpu/drm/msm/msm_gpu.c and within the adreno_gpu_init() function in drivers/gpu/drm/msm/adreno/adreno_gpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU98927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dcn32_is_center_timing() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c, the dcn32_enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c, the bw_calcs_data_update_from_pplib() function in drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c, the reset_dio_stream_encoder() function in drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c, the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c, the dcn20_post_unlock_program_front_end() and dcn20_wait_for_blank_complete() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c, and the hwss_build_fast_sequence() function in drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) NULL pointer dereference

EUVDB-ID: #VU98957

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iwl_mvm_tx_mpdu() and iwl_mvm_tx_skb_sta() functions in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Use-after-free

EUVDB-ID: #VU98873

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) NULL pointer dereference

EUVDB-ID: #VU98952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49949

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qdisc_pkt_len_init() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) NULL pointer dereference

EUVDB-ID: #VU98941

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ocfs2_journal_shutdown() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Input validation error

EUVDB-ID: #VU99044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49958

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c and within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper locking

EUVDB-ID: #VU99017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU98949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49962

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the acpi_db_convert_to_package() function in drivers/acpi/acpica/dbconvert.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper locking

EUVDB-ID: #VU99016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper error handling

EUVDB-ID: #VU99070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49966

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_local_read_info() function in fs/ocfs2/quota_local.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Input validation error

EUVDB-ID: #VU99223

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Use-after-free

EUVDB-ID: #VU98879

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49982

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Use-after-free

EUVDB-ID: #VU98882

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, and within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Buffer overflow

EUVDB-ID: #VU99192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Improper locking

EUVDB-ID: #VU99011

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50006

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Out-of-bounds read

EUVDB-ID: #VU98902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Infinite loop

EUVDB-ID: #VU99121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50024

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Use of uninitialized resource

EUVDB-ID: #VU99082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50033

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use of uninitialized resource

EUVDB-ID: #VU99083

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

External links

http://www.suse.com/support/update/announcement/2025/suse-su-20250034-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Input validation error

EUVDB-ID: #VU99038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the br_nf_dev_queue_xmit() function in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security

SUSE Linux Enterprise Server 12 SP5: LTSS

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-default-devel-debuginfo: before 4.12.14-122.234.1

kernel-default-man: before 4.12.14-122.234.1

kernel-source: before 4.12.14-122.234.1

kernel-macros: before 4.12.14-122.234.1

kernel-devel: before 4.12.14-122.234.1

kernel-default-base: before 4.12.14-122.234.1

kernel-syms: before 4.12.14-122.234.1

kernel-default-devel: before 4.12.14-122.234.1

kernel-default-base-debuginfo: before 4.12.14-122.234.1

kernel-default: before 4.12.14-122.234.1

ocfs2-kmp-default: before 4.12.14-122.234.1

kernel-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.234.1

dlm-kmp-default: before 4.12.14-122.234.1

dlm-kmp-default-debuginfo: before 4.12.14-122.234.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

ocfs2-kmp-default-debuginfo: before 4.12.14-122.234.1

cluster-md-kmp-default: before 4.12.14-122.234.1

kernel-default-debugsource: before 4.12.14-122.234.1

gfs2-kmp-default: before 4.12.14-122.234.1

CPE2.3